Lucene search

[email protected]NVD:CVE-2024-8181

HistoryAug 27, 2024 - 1:15 p.m.

CVE-2024-8181

2024-08-2713:15:06

CWE-287

[email protected]

web.nvd.nist.gov

authentication

bypass

flowise 1.8.2

remote attacker

api endpoints

administrator

restricted functionality

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

EPSS

0.006

Percentile

78.6%

JSON

An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality.

Affected configurations

Nvd

Node

flowiseaiflowiseMatch1.8.2

VendorProductVersionCPE
flowiseaiflowise1.8.2cpe:2.3:a:flowiseai:flowise:1.8.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
flowiseai	flowise	1.8.2	cpe:2.3:a:flowiseai:flowise:1.8.2:::::::*

References

tenable.com/security/research/tra-2024-33

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

EPSS

0.006

Percentile

78.6%

JSON

Related for NVD:CVE-2024-8181

osv2 cvelist1 github1 vulnrichment1 veracode1 cve1