CVE-2026-46441
Status: Received - Intake
Mass Assignment in FlowiseAI Prior to 3.1.2

Publication date: 2026-06-08

Last updated on: 2026-06-08

Assigner: GitHub, Inc.

Description
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the assistant update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating an assistant resource. Due to missing server-side validation and authorization checks, an attacker can manipulate the workspaceId field and reassign assistants to arbitrary workspaces. This breaks tenant isolation in multi-workspace environments. This issue has been patched in version 3.1.2.
Meta Information
Published: 2026-06-08
Last Modified: 2026-06-08
Generated: 2026-06-09
Affected Vendors & Products
Vendor: flowiseai
Product: flowise
Version / Range: versions up to 3.1.2, excluding 3.1.2
CWE ID and Description
CWE-915: The product receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, but it does not properly control which attributes can be modified.
CWE-284: The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-639: The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Compliance Impact

The vulnerability allows attackers to break tenant isolation by reassigning assistants to arbitrary workspaces, potentially leading to unauthorized access to data across different tenants.

Such unauthorized data access and modification could result in violations of data protection regulations like GDPR and HIPAA, which require strict controls on data segregation, confidentiality, and integrity.

Therefore, this vulnerability may negatively impact compliance with these standards by enabling cross-tenant data exposure and unauthorized data manipulation.

Executive Summary

This vulnerability is a mass assignment flaw in the assistant update endpoint of FlowiseAI versions prior to 3.1.2. Authenticated users can modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating an assistant resource. Because the server lacks proper validation and authorization checks, an attacker can manipulate the workspaceId field to reassign assistants to arbitrary workspaces. This breaks tenant isolation in environments where multiple workspaces exist.

Impact Analysis

This vulnerability can allow an attacker with low privileges to reassign assistants to different workspaces without authorization. This breaks tenant isolation in multi-workspace environments, potentially allowing unauthorized access to data or resources belonging to other tenants. It impacts both the confidentiality and integrity of the system by enabling unauthorized modification of metadata and cross-workspace reassignment of assistants.

Detection Guidance

This vulnerability can be detected by monitoring and analyzing requests to the assistant update endpoint (PUT /api/v1/assistants/{assistantId}) for unauthorized modifications of server-controlled fields such as workspaceId, createdDate, and updatedDate.

To detect exploitation attempts, you can capture and inspect HTTP requests to this endpoint, looking for unexpected or unauthorized changes to these fields.

Suggested tooling includes curl for probing the endpoint, tcpdump or Wireshark for capturing traffic, and JSON parsing tools for picking suspicious payloads out of the captured requests.

  • Use curl against a non-production instance to send a test update that carries a server-controlled field, then read the assistant back and confirm that workspaceId is unchanged; on a patched instance the field must be ignored or rejected: curl -X PUT https://your-flowise-instance/api/v1/assistants/{assistantId} -H 'Content-Type: application/json' -d '{"workspaceId": "unauthorized_value"}' -H 'Authorization: Bearer <token>' -v
  • Use tcpdump or Wireshark to capture HTTP traffic on the server and then search the captured payloads for PUT requests to /api/v1/assistants/. The filter below selects only TCP segments on port 80 that carry a payload; it does not match on the URL path, so pipe the -A output through grep for 'PUT /api/v1/assistants', and note that TLS traffic on 443 cannot be inspected this way unless TLS is terminated in front of the server: tcpdump -i eth0 -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
  • Analyze server logs for update requests that include modifications to workspaceId or other server-controlled fields.
Mitigation Strategies

The immediate mitigation step is to upgrade Flowise to version 3.1.2 or later, where this mass assignment vulnerability has been patched.

Until the upgrade can be applied, restrict access to the assistant update endpoint to trusted users only and monitor for suspicious activity involving modifications to workspaceId and other server-controlled fields.

Implement additional server-side validation and authorization checks to ensure that users cannot modify properties like workspaceId, createdDate, and updatedDate.

Review and tighten API permissions and consider applying network-level controls to limit exposure of the vulnerable endpoint.
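The server-side validation and authorization checks described above, together with the log signal from the detection guidance (rejected server-controlled fields), as an added example in TypeScript; this is not Flowise's own code. The field names workspaceId, createdDate and updatedDate come from the advisory; the writable fields details and iconSrc, the function names and the update flow are assumptions for the example.

```typescript
// Added example, not Flowise's own code: an assistant-update step with an
// allow-list (the CWE-915 fix) and an ownership check (the CWE-639 fix).
// `details` and `iconSrc` as the client-writable fields are assumed here.

interface Assistant {
  id: string;
  workspaceId: string;  // server-controlled: the tenant boundary
  details: string;
  iconSrc: string;
  createdDate: string;  // server-controlled
  updatedDate: string;  // server-controlled
}
type WritableKey = "details" | "iconSrc";
// Allow-list with a per-field type check; any key not listed is dropped.
const CLIENT_WRITABLE: Record<WritableKey, (v: unknown) => boolean> = {
  details: (v) => typeof v === "string",
  iconSrc: (v) => typeof v === "string",
};
// Own-property check so inherited names like "constructor" or "toString"
// are never mistaken for allow-listed fields.
function isWritableKey(k: string): k is WritableKey {
  return Object.prototype.hasOwnProperty.call(CLIENT_WRITABLE, k);
}

// Split a request body into the allow-listed patch and the rejected keys;
// rejected keys such as workspaceId are the signal worth logging.
function sanitizeAssistantUpdate(body: unknown): { patch: Partial<Assistant>; rejected: string[] } {
  const patch: Partial<Assistant> = {};
  const rejected: string[] = [];
  if (body === null || typeof body !== "object" || Array.isArray(body)) return { patch, rejected };
  for (const [key, value] of Object.entries(body as Record<string, unknown>)) {
    if (isWritableKey(key) && CLIENT_WRITABLE[key](value)) patch[key] = value as string;
    else rejected.push(key);
  }
  return { patch, rejected };
}

// Update on behalf of a caller scoped to callerWorkspaceId; `now` is injected
// so the timestamp is chosen by the server and the function stays testable.
function updateAssistant(existing: Assistant, callerWorkspaceId: string, body: unknown, now: string):
  { ok: boolean; assistant?: Assistant; rejectedFields: string[]; error?: string } {
  // Authorization first: the stored record must already belong to the caller's workspace.
  if (existing.workspaceId !== callerWorkspaceId) {
    return { ok: false, rejectedFields: [], error: "assistant not in caller workspace" };
  }
  const { patch, rejected } = sanitizeAssistantUpdate(body);
  // Server-controlled fields come from the stored record and the clock, never from the body.
  const assistant: Assistant = { ...existing, ...patch, id: existing.id,
    workspaceId: existing.workspaceId, createdDate: existing.createdDate, updatedDate: now };
  return { ok: true, assistant, rejectedFields: rejected };
}
```

A non-empty rejectedFields array on a real request is the "update request that includes modifications to workspaceId" the detection guidance asks to look for, and is worth logging with the caller identity.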
