Flowise Mass Assignment Vulnerability in DocumentStore Creation Endpoint Allows Cross-Workspace Object Takeover

A mass assignment vulnerability has been identified in Flowise versions prior to 3.1.0, specifically within the DocumentStore creation endpoint. This vulnerability allows authenticated users to manipulate the primary key and internal state fields of DocumentStore entities. The issue arises because the service uses repository.save() with a client-supplied primary key, effectively turning the POST create endpoint into an implicit UPSERT operation. As a result, existing DocumentStore objects can be overwritten. In multi-workspace or multi-tenant deployments, this vulnerability can lead to cross-workspace object takeover and broken object-level authorization, allowing an attacker to reassign or modify DocumentStore objects belonging to other workspaces.

Impact

Exploitation of this vulnerability allows for mass assignment on server-managed fields, overwriting of existing objects through implicit UPSERT behavior, and broken object-level authorization. In multi-tenant environments, this can result in cross-workspace object takeover, where an attacker modifies or reassigns DocumentStore objects belonging to other tenants. Such actions can disrupt data indexing, retrieval, and AI workflow execution, posing a high risk in shared-workspace scenarios.

Reproduction

To reproduce this vulnerability, first create a DocumentStore in Workspace A and capture its ID. Then, from Workspace B or another authenticated context, send a POST request to the DocumentStore creation endpoint, including the ID from Workspace A along with modified name and description fields. This request will update the existing DocumentStore record in Workspace A, demonstrating the object takeover via the UPSERT behavior of the create endpoint.

Remediation

Users are advised to update Flowise to version 3.1.0 or later, where this vulnerability has been fixed.