Langfuse Improper Authorization Vulnerability in Background Migration Endpoints Allowing Data Corruption and Denial-of-Service
Vulnerability
A vulnerability in Langfuse version 3.1 prior to d67b317 allows any authenticated user to access and control background migration processes through TRPC endpoints. This improper authorization can lead to data corruption by disrupting ongoing migrations, causing inconsistent database states, and creating a denial-of-service condition by overwhelming the system with resource-intensive migration jobs.
Impact
Exploitation of this vulnerability could cause significant data corruption and lead to a platform-wide denial-of-service outage, affecting all customers.
Reproduction
To reproduce this vulnerability, an authenticated user can call the 'backgroundMigrations.all' endpoint to list ongoing migrations, and then use the 'backgroundMigrations.retry' endpoint to restart a critical migration job, causing data corruption or a denial-of-service condition.
Remediation
The vulnerability has been patched by requiring an admin API key for retrying background migrations. Users should update to the latest version of Langfuse.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.