Flowise Unauthenticated Text-to-Speech Credential Abuse Vulnerability

A vulnerability in Flowise versions prior to 3.1.0 allows unauthorized access to the text-to-speech generation endpoint. The endpoint, which is whitelisted and requires no authentication, accepts a credentialId in the request body. When the chatflowId is not provided, the endpoint uses the credentialId to decrypt stored credentials, such as OpenAI or ElevenLabs API keys, and generate speech. This issue could lead to unauthorized use of API keys, depletion of API credits, and generation of speech content at the expense of the victim.

Impact

Exploitation of this vulnerability allows for unauthorized use of victims' API keys from services like OpenAI, ElevenLabs, Azure, and Google, leading to a waste of API credits and generation of speech content without consent.

Reproduction

To reproduce this vulnerability, send a POST request to the '/api/v1/text-to-speech/generate' endpoint without a chatflowId, including an arbitrary credentialId in the request body. The endpoint will process the request and generate speech using the API key associated with the provided credentialId, demonstrating that the endpoint can be exploited without authentication.

Remediation

Users are advised to update Flowise to version 3.1.0 or later.