n8n File Access Vulnerability Allowing Arbitrary File Read by Authenticated Users

A vulnerability exists in n8n, an open-source workflow automation platform, prior to versions 1.123.18 and 2.5.0. The issue arises from improper file access controls, allowing authenticated users with the ability to create or modify workflows to read sensitive files from the host system. This vulnerability can be exploited to access critical configuration data and user credentials, potentially leading to a complete account takeover of any user on the instance.

Impact

Exploitation of this vulnerability allows for arbitrary file read from the host system, with potential access to sensitive configuration data and user credentials, leading to account takeover.

Remediation

Users should upgrade to n8n version 1.123.18 or 2.5.0. If an immediate upgrade is not possible, consider limiting workflow creation and editing permissions to trusted users and restricting access to nodes that interact with the file system, such as the 'Read/Write Files from Disk' and 'Git' nodes.