Flowise
cpe:2.3:a:flowiseai:flowise:*:*:*:*:*:*:*
- <= 3.0.13
An authentication bypass vulnerability has been identified in Flowise versions prior to 3.1.0. This vulnerability allows unauthenticated attackers to obtain OAuth 2.0 access tokens linked to public chatflows. By accessing a public chatflow configuration endpoint, attackers can retrieve internal workflow data, including OAuth credential identifiers. These identifiers can then be used to refresh and acquire valid OAuth 2.0 access tokens without authentication. The vulnerability arises because the public chatflow configuration endpoint returns sensitive flow data, including OAuth credential identifiers, without any authentication or authorization checks. This issue is particularly concerning for self-hosted Flowise deployments, where public chatflows are often exposed to the internet and require unauthenticated access by design.
Exploitation of this vulnerability allows unauthenticated attackers to obtain OAuth 2.0 access tokens for third-party services integrated with Flowise. This could lead to unauthorized access to data, abuse of APIs, or compromise of user accounts.
To reproduce this vulnerability, first host a self-managed instance of Flowise and create a public chatflow that uses an OAuth 2.0 credential, such as Gmail OAuth2. Once the chatflow is set up, obtain the `chatflowId`, which is accessible to unauthenticated users through public chatflow URLs, embedded widgets, or browser network requests. Next, send a request to the public chatbot configuration endpoint without authentication. The response will include internal `flowData` containing an OAuth credential identifier. Finally, use the credential identifier to refresh the OAuth 2.0 token by sending a POST request to the OAuth 2.0 credential refresh endpoint, also without authentication.
Users are advised to update Flowise to version 3.1.0 or later, where this vulnerability has been fixed.
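The root cause described above is that `flowData` reaches unauthenticated callers with credential identifiers still in it. The following added example (not Flowise's code and not its actual fix) is a filter that removes such references from a config payload and reports where they were, which can also serve to audit what a captured response discloses. The key names `credential` and `FLOWISE_CREDENTIAL_ID`, the function names, and the sample payload are assumptions.

```javascript
// Assumption: the credential identifier sits under one of these keys in flowData.
const CREDENTIAL_KEYS = new Set(['credential', 'FLOWISE_CREDENTIAL_ID']);

// Walk any JSON value, delete credential-reference keys, record where they were.
function stripCredentialRefs(value, path, findings) {
  if (Array.isArray(value)) {
    value.forEach((item, i) => stripCredentialRefs(item, `${path}[${i}]`, findings));
  } else if (value !== null && typeof value === 'object') {
    for (const key of Object.keys(value)) {
      const childPath = `${path}.${key}`;
      if (CREDENTIAL_KEYS.has(key) && typeof value[key] === 'string' && value[key] !== '') {
        findings.push(childPath);
        delete value[key];
      } else {
        stripCredentialRefs(value[key], childPath, findings);
      }
    }
  }
}

// Return a sanitized deep copy of the payload plus the paths that held an identifier.
function sanitizePublicConfig(response) {
  const copy = JSON.parse(JSON.stringify(response));
  const findings = [];
  if (copy.flowData === undefined) return { sanitized: copy, findings };
  const wasString = typeof copy.flowData === 'string';
  let flow;
  try {
    flow = wasString ? JSON.parse(copy.flowData) : copy.flowData;
  } catch (err) {
    // Unparseable flowData cannot be vetted, so fail closed and drop it.
    delete copy.flowData;
    return { sanitized: copy, findings: ['flowData (unparseable, removed)'] };
  }
  stripCredentialRefs(flow, 'flowData', findings);
  copy.flowData = wasString ? JSON.stringify(flow) : flow;
  return { sanitized: copy, findings };
}

// Constructed sample payload; every identifier below is a made-up placeholder.
const sample = {
  chatflowId: '00000000-0000-4000-8000-000000000001',
  flowData: JSON.stringify({ edges: [], nodes: [
    { id: 'gmail_0', data: { credential: '11111111-2222-4333-8444-555555555555',
      inputs: { FLOWISE_CREDENTIAL_ID: '11111111-2222-4333-8444-555555555555', maxResults: 10 } } },
    { id: 'llm_0', data: { inputs: { temperature: 0.2 } } } ] })
};
console.log(sanitizePublicConfig(sample).findings);
```

A non-empty `findings` list for a payload served to an unauthenticated caller indicates the exposure described in this advisory.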