n8n is vulnerable to privilege escalation. The vulnerability is due to a lack of object checks when user-supplied fields are merged into the server-side user object. The privilege escalation occurs because the updateCurrentUser method of the MeController class merges the stored user object with an object under the user's control without performing all the necessary checks. Any property added to the HTTP request body is merged into the user object without being validated, allowing an authenticated user to modify it.
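As an added example (not n8n's own code), the unchecked merge pattern the advisory describes beside an allow-list version that only copies fields a user is meant to edit about themselves; the User shape, the field names and the privileged role field are assumptions for illustration.

```typescript
// Added example, not n8n's code: unchecked merge vs. allow-listed merge of
// request-body fields into a stored user object. Field names are assumed.

type Role = 'member' | 'owner';

interface User {
  id: string;
  email: string;
  firstName: string;
  lastName: string;
  role: Role; // privileged field that must never come from the request body
}

// Fields a user may change on their own profile (assumed allow-list).
const SELF_UPDATABLE_FIELDS = ['email', 'firstName', 'lastName'] as const;
type SelfUpdatableField = (typeof SELF_UPDATABLE_FIELDS)[number];

// Vulnerable pattern: every property of the body is copied onto the stored
// user, so a privileged property such as `role` is overwritten as well.
export function updateUserUnchecked(user: User, body: Record<string, unknown>): User {
  return Object.assign({}, user, body) as User;
}

// Hardened pattern: copy only allow-listed string fields and reject anything
// else explicitly, so the controller can answer with a 400 instead of
// silently accepting part of the request.
export function updateUserAllowListed(user: User, body: Record<string, unknown>): User {
  const updated: User = { ...user };
  for (const key of Object.keys(body)) {
    if (!(SELF_UPDATABLE_FIELDS as readonly string[]).includes(key)) {
      throw new Error(`field not updatable by the current user: ${key}`);
    }
    const value = body[key];
    if (typeof value !== 'string') {
      throw new Error(`field ${key} must be a string`);
    }
    updated[key as SelfUpdatableField] = value;
  }
  return updated;
}

// Constructed sample data: a member renaming themselves, and a body that
// additionally carries the privileged field.
export const sampleUser: User = {
  id: 'u1', email: 'a@example.test', firstName: 'A', lastName: 'B', role: 'member',
};
export const benignBody: Record<string, unknown> = { firstName: 'Alice' };
export const overreachingBody: Record<string, unknown> = { firstName: 'Alice', role: 'owner' };
```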