Flowise WriteFileTool and ReadFileTool Arbitrary File Read and Write Vulnerability Allowing Remote Command Execution

A vulnerability in Flowise's WriteFileTool and ReadFileTool components, present in versions prior to 3.0.8, allows authenticated attackers to read and write arbitrary files on the server's file system. This lack of file path restriction can lead to remote command execution. The vulnerability arises because the tools directly use file path parameters without proper validation, enabling exploitation by writing malicious content to sensitive files or reading confidential information from the server.

Impact

Exploitation of this vulnerability could result in unauthorized access to sensitive files, such as encryption keys and SSH credentials, and allow for remote command execution on the server.

Reproduction

The vulnerability can be reproduced by using the affected Flowise Docker image. After deploying the image and registering an account, the vulnerability can be exploited by creating an agent flow that utilizes the ReadFileTool or WriteFileTool. The agent can then be executed to read from or write to arbitrary file paths on the server.

Remediation

Users can update to Flowise version 3.0.8 or later, where this vulnerability has been patched.