Flowise Cross-Workspace Template Takeover Vulnerability via Mass Assignment

Vulnerability

A vulnerability in Flowise prior to version 3.1.2 allows for cross-workspace template takeover through mass assignment in the CustomTemplate creation and update processes. The issue arises because the application does not properly validate which fields can be overwritten, allowing authenticated users to manipulate workspace-specific data and disrupt workspace isolation. This flaw can be exploited by any user with permission to edit custom templates, potentially leading to unauthorized access and modification rights in another workspace.

Impact

Exploitation of this vulnerability allows unauthorized cross-workspace data access and manipulation: the affected custom template is transferred to another workspace's marketplace, where members of that workspace can access and use it.

Reproduction

To reproduce this vulnerability, an authenticated user must first create a custom template in their workspace or use an existing one. The user then sends a request to update the template, including a workspace ID from a different workspace. The request is processed without proper validation, overwriting the template's workspace ID and transferring ownership to the other workspace.

Remediation

Users should update to Flowise version 3.1.2 or later, where this vulnerability has been patched.
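
For teams reviewing their own update handlers for the same mass-assignment pattern, the following added example (not Flowise source code, and not the patch shipped in 3.1.2) contrasts a handler that copies the whole request body onto the entity with one that scopes the lookup to the caller's workspace and copies only allowlisted fields. The CustomTemplate shape, the in-memory store and all function names are assumptions made for illustration.

```typescript
// Hypothetical model; field names are assumptions, not Flowise's schema.
interface CustomTemplate {
  id: string;
  workspaceId: string;
  name: string;
  description: string;
  flowData: string;
}

// Constructed in-memory store standing in for the database.
function makeStore(): Map<string, CustomTemplate> {
  return new Map<string, CustomTemplate>([
    ["t1", { id: "t1", workspaceId: "ws-A", name: "Demo", description: "", flowData: "{}" }],
  ]);
}

// Vulnerable pattern: every key in the request body lands on the entity,
// so a client-supplied workspaceId silently changes which workspace owns it.
function updateUnsafe(
  store: Map<string, CustomTemplate>, id: string, body: Record<string, unknown>
): CustomTemplate {
  const tpl = store.get(id);
  if (!tpl) throw new Error("not found");
  Object.assign(tpl, body);
  return tpl;
}

// Hardened pattern: the only fields a client may set on update.
const EDITABLE = ["name", "description", "flowData"] as const;

function updateSafe(
  store: Map<string, CustomTemplate>, id: string,
  callerWorkspaceId: string, body: Record<string, unknown>
): CustomTemplate {
  const tpl = store.get(id);
  // Scope the lookup to the workspace taken from the authenticated session.
  if (!tpl || tpl.workspaceId !== callerWorkspaceId) throw new Error("not found");
  for (const key of EDITABLE) {
    const value = body[key];
    if (typeof value === "string") tpl[key] = value; // id and workspaceId never copied
  }
  return tpl;
}
```

In the hardened handler the workspace identifier comes only from the server-side session, never from the request body.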

Added: Jun 8, 2026, 4:46 PM
Updated: Jun 8, 2026, 4:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.3
impact: 0.6
exploitability: 6.2
remediation: 7.7
relevance: 9.6
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.