n8n is vulnerable to Authentication Bypass. The vulnerability is due to a lack of authentication in auth.ts
when the url contains .svg
, resulting in information disclosure.
github.com/advisories/GHSA-r9xw-p7wj-w792
github.com/n8n-io/n8n/commit/f58573dba30eba8fe3d844d1b7b2dbbb8d51b8b5
github.com/n8n-io/n8n/pull/5525
github.com/n8n-io/n8n/releases
security.netapp.com/advisory/ntap-20230622-0007/
www.synacktiv.com/sites/default/files/2023-05/Synacktiv-N8N-Multiple-Vulnerabilities_0.pdf