Heym Authorization Bypass Vulnerability in Workflow Execution

A vulnerability allowing authorization bypass in workflow execution has been identified in Heym versions prior to 0.0.21. This vulnerability allows authenticated users to execute arbitrary workflows by referencing the UUIDs of victim workflows without proper access validation. Attackers can create workflows that include execute nodes or agent subWorkflowIds pointing to these victim UUIDs, thereby loading and executing the workflows along paths controlled by the attacker. This exploitation exposes the outputs of the victim workflows and triggers workflow nodes with unintended consequences.

Impact

Exploitation of this vulnerability allows for unauthorized execution of workflows, potentially leading to exposure of sensitive workflow outputs and activation of workflow nodes with unintended effects.

Reproduction

To reproduce this vulnerability, an authenticated user can create a workflow that includes nodes referencing the UUIDs of victim workflows. This can be done by using execute nodes or agent subWorkflowIds that point to the UUIDs of the targeted workflows. Once the workflow is executed, it will run under the attacker's control, accessing and manipulating the victim's workflow data.

Remediation

Users are advised to update to Heym version 0.0.21 or later, where this vulnerability has been addressed.