Langflow Unauthenticated Cross-Tenant Data Leak Vulnerability in Image Download Endpoint

A vulnerability in Langflow versions 1.0.0 through 1.8.1 allows for unauthenticated access to image files through the '/api/v1/files/images/{flow_id}/{file_name}' endpoint. This endpoint lacks authentication and ownership checks, enabling any user to download images from other users' workflows in a multi-tenant environment. The vulnerability arises because flow IDs can be guessed or discovered, potentially leading to unauthorized access to sensitive data.

Impact

Exploitation of this vulnerability results in an unauthenticated cross-tenant data leak, allowing attackers to download images from other users' workflows without permission.

Reproduction

To reproduce this vulnerability, send an unauthenticated request to the '/api/v1/files/images/{flow_id}/{file_name}' endpoint, replacing '{flow_id}' with a valid UUID that can be guessed or has been leaked through other API responses, and '{file_name}' with the name of the image file to be downloaded. The server will respond with an HTTP 200 status and the requested image bytes, without requiring any authentication headers.

Remediation

Users can upgrade to Langflow version 1.9.0 or later, where this vulnerability has been patched.