Executive Summary

PraisonAI includes a legacy Flask API server that is shipped with authentication disabled by default in versions from 2.5.6 up to before 4.6.34. This means that anyone who can reach the server can access certain endpoints like /agents and /chat without providing any authentication token.

The /agents endpoint returns metadata about configured agents, while the /chat endpoint allows triggering workflows defined in the agents.yaml file. Because authentication is disabled by default (with hard-coded settings AUTH_ENABLED = False and AUTH_TOKEN = None), these endpoints are accessible to unauthenticated users.

An attacker can exploit this vulnerability to enumerate agents, trigger workflows, consume system resources, or access workflow results without authorization. This issue has been patched in version 4.6.34.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by checking if the legacy Flask API server is running and accessible without authentication on port 8080. Specifically, you can test if the endpoints /agents and /chat are reachable and respond without requiring a token.

• Use a network scanning tool like nmap to check if port 8080 is open: nmap -p 8080 <target-ip>
• Use curl or a similar HTTP client to test the /agents endpoint for unauthenticated access: curl http://<target-ip>:8080/agents
• Use curl to test the /chat endpoint to see if workflows can be triggered without authentication: curl -X POST http://<target-ip>:8080/chat -d '{"input": "test"}' -H 'Content-Type: application/json'

If these endpoints respond successfully without requiring authentication tokens, the system is vulnerable.

Useful 0 Not Useful 0

Mitigation Strategies

The immediate mitigation step is to upgrade PraisonAI to version 4.6.34 or later, where the authentication issue has been patched.

If upgrading is not immediately possible, restrict network access to the API server on port 8080 to trusted hosts only, preventing unauthorized external access.

Additionally, review and modify the api_server.py configuration to enable authentication by setting AUTH_ENABLED to True and configuring a valid AUTH_TOKEN.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can impact you by allowing unauthorized users to access and interact with the PraisonAI system without any authentication.

• Confidentiality impact: Attackers can access metadata about agents and potentially sensitive workflow results.
• Integrity impact: Attackers can trigger workflows unconditionally, potentially altering system state or data.
• Availability impact: Attackers can consume system resources by repeatedly triggering workflows, potentially leading to denial of service.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability in PraisonAI allows unauthenticated access to sensitive API endpoints, enabling attackers to enumerate agents, trigger workflows, and access workflow results without authorization.

This unauthorized access can lead to confidentiality, integrity, and availability impacts, which may result in exposure or manipulation of sensitive data.

Such security weaknesses could potentially violate compliance requirements under common standards and regulations like GDPR and HIPAA, which mandate protection of sensitive data and controlled access.

Therefore, organizations using affected versions of PraisonAI might face compliance risks if the vulnerability is exploited, as it undermines the necessary security controls to protect personal or sensitive information.

Useful 0 Not Useful 0