Lucene search

TenableVULNRICHMENT:CVE-2024-8181

HistoryAug 27, 2024 - 1:10 p.m.

CVE-2024-8181 Flowise Authentication Bypass

2024-08-2713:10:40

tenable

github.com

cve-2024-8181

flowise

authentication bypass

api endpoints

administrator

restricted functionality

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

Low

EPSS

0.006

Percentile

78.6%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

total

JSON

An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:flowiseai:flowise:*:*:*:*:*:*:*:*"
    ],
    "vendor": "flowiseai",
    "product": "flowise",
    "versions": [
      {
        "status": "affected",
        "version": "1.8.2"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

tenable.com/security/research/tra-2024-33

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

Low

EPSS

0.006

Percentile

78.6%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-8181