Flowise Mass Assignment Vulnerability Allows Cross-Workspace Assistant Takeover

Vulnerability

A mass assignment vulnerability has been identified in Flowise, a user interface for building customized large language model flows. The issue, present in versions through 3.1.1, allows cross-workspace assistant takeover because workspace IDs are not properly handled when assistant entities are created or updated. The vulnerability arises because the application does not restrict which entity fields a request body may overwrite, enabling authenticated users to manipulate assistant ownership and access across workspaces.

Impact

Exploitation of this vulnerability allows authenticated users to take over assistant entities from other workspaces, disrupting workspace boundaries and access controls. This could lead to unauthorized visibility and modification of sensitive assistant configurations, including LLM settings, instructions, tools, and credentials.

Reproduction

To reproduce this vulnerability, an authenticated user must first create an assistant in their workspace or use an existing one. The user can then send a request to update the assistant, including a workspace ID from a different workspace. The request will be processed as if it originated from the user's current workspace, but will transfer the assistant to the other workspace, bypassing access controls.

Remediation

Update to Flowise version 3.1.2 or later, where this vulnerability has been patched.
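The following is an added illustration of the defect class described in the Vulnerability and Reproduction sections above, paired with a hardened form. It is generic example code, not Flowise's own: the entity shape, the in-memory store, and the names Assistant, Session, updateAssistantUnsafe and updateAssistantSafe are all hypothetical. The unsafe handler merges the whole request body into the stored entity, so a body carrying a foreign workspaceId moves the assistant to that workspace; the safe handler scopes the lookup to the caller's workspace, copies only allow-listed fields, rejects unexpected keys so that attempts are visible in logs, and always derives workspaceId from the session rather than the body.

```typescript
// Hypothetical entity shape, standing in for an assistant row (not Flowise's schema).
interface Assistant {
  id: string;
  workspaceId: string;   // owner workspace; must never be caller-controlled on update
  name: string;
  details: string;       // model settings, instructions, tools (opaque here)
  credentialId?: string;
}

// Hypothetical authenticated session: the workspace the caller is acting in
// comes from server-side state, not from the request body.
interface Session {
  userId: string;
  workspaceId: string;
}

class ForbiddenError extends Error {}
class ValidationError extends Error {}

// Constructed sample data standing in for the database.
function seedStore(): Map<string, Assistant> {
  return new Map<string, Assistant>([
    ['asst-1', { id: 'asst-1', workspaceId: 'ws-A', name: 'Support bot', details: '{}' }],
  ]);
}

// VULNERABLE PATTERN: the request body is spread over the entity, so any column,
// including workspaceId, is overwritten by whatever the caller sends.
function updateAssistantUnsafe(
  store: Map<string, Assistant>,
  session: Session,
  id: string,
  body: Record<string, unknown>,
): Assistant {
  const existing = store.get(id);
  if (!existing) throw new Error('assistant not found');
  // session is ignored for ownership; body.workspaceId wins if present
  const updated = { ...existing, ...body, id } as Assistant;
  store.set(id, updated);
  return updated;
}

// Fields a client is allowed to change. Everything else is server-owned.
const UPDATABLE_FIELDS = ['name', 'details', 'credentialId'] as const;

// HARDENED PATTERN: workspace-scoped lookup, explicit allow-list, reject unknown
// keys (so a tampering attempt is an error you can log), and workspaceId pinned
// to the session.
function updateAssistantSafe(
  store: Map<string, Assistant>,
  session: Session,
  id: string,
  body: Record<string, unknown>,
): Assistant {
  const existing = store.get(id);
  // Treat "exists in another workspace" the same as "does not exist".
  if (!existing || existing.workspaceId !== session.workspaceId) {
    throw new ForbiddenError('assistant not found in caller workspace');
  }
  const allowed = new Set<string>(UPDATABLE_FIELDS);
  for (const key of Object.keys(body)) {
    if (!allowed.has(key)) {
      throw new ValidationError(`field not updatable: ${key}`);
    }
  }
  const patch: Record<string, unknown> = {};
  for (const field of UPDATABLE_FIELDS) {
    if (body[field] !== undefined) patch[field] = body[field];
  }
  const updated = {
    ...existing,
    ...patch,
    id,                                  // path parameter, not body
    workspaceId: session.workspaceId,    // never from the body
  } as Assistant;
  store.set(id, updated);
  return updated;
}
```

The two handlers take identical inputs, which makes the contrast easy to check in a unit test: the same body that silently re-homes the assistant in the unsafe version is rejected outright in the safe one, and a caller whose session belongs to a different workspace cannot even read the row. Rejecting unexpected keys rather than dropping them is a deliberate choice so that the attempt surfaces as a 4xx and a log line instead of vanishing.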

Added: Jun 8, 2026, 4:45 PM
Updated: Jun 8, 2026, 4:45 PM

Vulnerability Rating

Custom Algorithm
spread: 0.3
impact: 2.5
exploitability: 5.8
remediation: 7.7
relevance: 10.0
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.