Flowise Server-Side Request Forgery Protection Bypass Vulnerability in Custom Function Feature

Vulnerability

A Server-Side Request Forgery (SSRF) protection bypass vulnerability has been identified in Flowise versions prior to 3.1.0. The issue arises in the Custom Function feature, where the application allows the use of built-in Node.js http, https, and net modules without proper SSRF protection. This oversight enables authenticated users to bypass existing SSRF controls and access internal network resources, such as cloud provider metadata services. The vulnerability exists because, while Flowise implements SSRF protection for axios and node-fetch libraries, the unprotected built-in modules can be used to make arbitrary HTTP requests, completely circumventing the intended security measures.

Impact

Exploitation of this vulnerability allows authenticated users to bypass SSRF protections and access internal network resources. This could lead to unauthorized access to sensitive data, such as cloud provider metadata including IAM credentials, which could be used to access other cloud resources. Additionally, the vulnerability could be used to scan internal networks, discover services, and identify targets for further attacks.

Reproduction

To reproduce this vulnerability, first ensure that a Flowise instance is running with the 'HTTP_DENY_LIST' configured to protect against SSRF (excluding the internal metadata service). After confirming that SSRF protection is enabled, send a request to the '/api/v1/node-custom-function' endpoint with a JavaScript function that uses the built-in 'http' module to access the metadata service. The response should include sensitive data, such as IAM credentials, demonstrating that the SSRF protection has been bypassed.

Remediation

Users can update to Flowise version 3.1.0 or later, where this vulnerability has been fixed.

Added: Apr 23, 2026, 8:35 PM
Updated: Apr 23, 2026, 8:35 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 0.6
exploitability: 5.6
remediation: 7.7
relevance: 6.5
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.