Flowsint Metadata Update Vulnerability Allows Unauthorized Investigation Modification

Vulnerability

A vulnerability in Flowsint prior to version 1.2.3 allows users to update the metadata of investigations belonging to other users. This issue arises from a lack of proper access controls, enabling an adversary with knowledge of an investigation ID to alter details such as the investigation's name, description, and status. The vulnerability is located in the Flowsint API, specifically within the investigations route.

Impact

Exploitation of this vulnerability allows for unauthorized modification of investigation metadata, potentially leading to the introduction of false information.

Reproduction

To reproduce this vulnerability, first create two user accounts: one for the victim and one for the adversary. The adversary must then update the metadata of an investigation created by the victim, using the investigation ID to target the specific case. This can be done by sending a PUT request to the Flowsint API's investigations endpoint, including the new metadata in the request payload.

Remediation

Users are advised to update to Flowsint version 1.2.3 or later, where this vulnerability has been fixed.
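The missing control described above is an object-level authorization check on the update path. The following is an added example, not Flowsint's code: a minimal in-memory model that sets the flawed pattern beside a hardened one. The names (Investigation, owner_id, update_unchecked, update_checked, DB) and the single-owner model are assumptions made for illustration.

```python
# Added illustration: an in-memory stand-in, not Flowsint's code or data model.
from dataclasses import dataclass

METADATA_FIELDS = ("name", "description", "status")  # fields named in the advisory


class NotFound(Exception):
    """Would map to HTTP 404 in a real route."""


@dataclass
class Investigation:
    id: str
    owner_id: str  # assumption: a single owning user per investigation
    name: str
    description: str = ""
    status: str = "active"


# Constructed sample data: one investigation owned by the "victim" account.
DB = {"inv-1": Investigation("inv-1", "victim", "Case A")}


def _apply(inv, changes):
    """Copy only the metadata fields from the request payload onto the record."""
    for field in METADATA_FIELDS:
        if field in changes:
            setattr(inv, field, changes[field])
    return inv


def update_unchecked(inv_id, caller_id, changes):
    """Flawed pattern: the record is found by ID alone; caller_id is ignored."""
    inv = DB.get(inv_id)
    if inv is None:
        raise NotFound(inv_id)
    return _apply(inv, changes)


def update_checked(inv_id, caller_id, changes):
    """Hardened pattern: object-level authorization before any write."""
    inv = DB.get(inv_id)
    # Same error for "missing" and "not yours", so the response does not
    # confirm that someone else's investigation ID exists.
    if inv is None or inv.owner_id != caller_id:
        raise NotFound(inv_id)
    return _apply(inv, changes)
```

A regression test for a fix of this kind mirrors the Reproduction section: a second account's update to the first account's investigation must fail and leave the record unchanged.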

Added: May 12, 2026, 11:23 PM
Updated: May 12, 2026, 11:23 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 6.6
remediation: 0.0
relevance: 8.1
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.