Flowise
cpe:2.3:a:flowiseai:flowise:*:*:*:*:*:*:*
- <= 3.0.12
A server-side request forgery (SSRF) vulnerability has been identified in Flowise versions prior to 3.0.13. The issue arises in the HTTP Node within AgentFlow and Chatflow, where user-controlled URLs can be used to make HTTP requests to internal network resources. By default, there are no restrictions on target hosts, allowing access to private IP ranges, localhost, and cloud metadata endpoints. This vulnerability enables users to force the Flowise server to access internal resources that are not publicly accessible, potentially leading to unauthorized retrieval of sensitive information or manipulation of internal services.
Exploitation of this vulnerability allows unauthorized users to access internal network resources, including private admin panels and cloud metadata services. The HTTP Node can be used to perform port scanning, enumerate internal services, and potentially move laterally or escalate privileges in compromised environments. Additionally, the vulnerability could be exploited to modify or delete data on internal services that expose writable endpoints.
To reproduce this vulnerability, create a flow in Flowise that includes an HTTP Node configured to send a request to an internal service, such as one running on localhost. When the flow is triggered, the Flowise server will make the request to the internal service, demonstrating access to resources that are not available from the public internet.
Users are advised to update Flowise to version 3.0.13 or later, where this vulnerability has been fixed.
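The control the advisory describes as absent by default, a restriction on target hosts, can be illustrated with a destination check like the one below. This is an added example, not Flowise code and not the 3.0.13 fix; `blockedReason` and its helpers are hypothetical names, and the caller is assumed to pass in every address its own DNS lookup returned for the hostname.

```javascript
// Added example; function names are hypothetical, not Flowise APIs.
const BLOCKED_V4 = [ // [network, prefix length]
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10], ['127.0.0.0', 8],
  ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16],
]; // 169.254.0.0/16 covers the 169.254.169.254 metadata address
const v4ToInt = (ip) => ip.split('.').reduce((n, octet) => n * 256 + Number(octet), 0);

function isBlockedV4(ip) {
  const addr = v4ToInt(ip);
  return BLOCKED_V4.some(([net, bits]) => {
    const size = 2 ** (32 - bits);
    return Math.floor(addr / size) === Math.floor(v4ToInt(net) / size);
  });
}

// Expand an IPv6 literal (with optional dotted IPv4 tail) to eight 16-bit groups.
function v6Groups(ip) {
  const dotted = ip.match(/^(.*:)(\d+\.\d+\.\d+\.\d+)$/);
  if (dotted) {
    const n = v4ToInt(dotted[2]);
    ip = dotted[1] + Math.floor(n / 65536).toString(16) + ':' + (n % 65536).toString(16);
  }
  const [h, t] = ip.split('::').map((s) => (s ? s.split(':') : []));
  const fill = t ? Array(8 - h.length - t.length).fill('0') : [];
  return [...h, ...fill, ...(t || [])].map((g) => parseInt(g, 16));
}

function isBlockedV6(ip) {
  const g = v6Groups(ip);
  if (g.slice(0, 7).every((x) => x === 0) && g[7] <= 1) return true; // :: and ::1
  if (g.slice(0, 5).every((x) => x === 0) && g[5] === 0xffff) { // IPv4-mapped
    return isBlockedV4(`${g[6] >> 8}.${g[6] & 255}.${g[7] >> 8}.${g[7] & 255}`);
  }
  return (g[0] & 0xfe00) === 0xfc00 || (g[0] & 0xffc0) === 0xfe80; // ULA, link-local
}

// Returns a refusal reason, or null when every destination address is acceptable.
// `resolved` holds all addresses the caller's DNS lookup returned for a hostname.
function blockedReason(rawUrl, resolved = []) {
  let url;
  try { url = new URL(rawUrl); } catch { return 'unparseable URL'; }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return 'scheme not allowed';
  const host = url.hostname.replace(/^\[|\]$/g, ''); // URL() already normalizes IPv4 forms
  const literal = /^\d+\.\d+\.\d+\.\d+$/.test(host) || host.includes(':');
  const addrs = literal ? [host] : resolved;
  if (addrs.length === 0) return 'hostname did not resolve';
  const bad = addrs.find((a) => (a.includes(':') ? isBlockedV6(a) : isBlockedV4(a)));
  return bad ? `blocked address ${bad}` : null;
}
```

The check only holds if the request then connects to one of the vetted addresses and every redirect target goes through the same check. Otherwise a second DNS lookup can return a different address than the one that was validated.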