CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence: High
Flowise is vulnerable to a CORS misconfiguration. The Access-Control-Allow-Origin header is set to allow all origins, so a web page served from any origin can make cross-origin requests to the Flowise instance and read the responses. In the default unauthenticated configuration, attackers can exploit this to make requests to Flowise and steal user information.
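
The wildcard policy described above next to an exact-match origin allowlist, with a small check for auditing response headers. This is an added example, not Flowise code: the function names, ALLOWED_ORIGINS and the example.internal origins are hypothetical and constructed for illustration.

```javascript
// Constructed sample allowlist: the only browser origins that should read API responses.
const ALLOWED_ORIGINS = new Set([
  'https://flowise.example.internal',
  'https://admin.example.internal',
]);

// Weak setting, as the advisory describes it: every origin is allowed.
function corsHeadersWildcard(_requestOrigin) {
  return { 'Access-Control-Allow-Origin': '*' };
}

// Parse an Origin header value; return its canonical form or null if it is not
// a plain http(s) origin (scheme + host + optional port, nothing else).
function normalizeOrigin(value) {
  if (typeof value !== 'string' || value === 'null') return null;
  let url;
  try { url = new URL(value); } catch { return null; }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return null;
  if (url.username || url.password || url.pathname !== '/' || url.search || url.hash) {
    return null;
  }
  return url.origin;
}

// Corrected setting: echo the origin back only on an exact allowlist match.
// No prefix, suffix or regex matching, so look-alike hosts do not pass.
function corsHeadersAllowlist(requestOrigin, allowed = ALLOWED_ORIGINS) {
  const headers = { Vary: 'Origin' }; // keep caches from reusing one origin's answer
  const origin = normalizeOrigin(requestOrigin);
  if (origin !== null && allowed.has(origin)) {
    headers['Access-Control-Allow-Origin'] = origin;
  }
  return headers;
}

// Audit check: send a request with an Origin you do not trust (probeOrigin) and
// flag the response if it answers with '*' or reflects that origin back.
function isPermissiveCors(responseHeaders, probeOrigin) {
  const acao = responseHeaders['Access-Control-Allow-Origin'];
  return acao === '*' || acao === probeOrigin;
}
```

CORS only constrains what browsers let a page read; the unauthenticated configuration mentioned above still needs authentication enabled to protect the API from non-browser clients.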