CVE-2024-8181
published 2024-08-27CVE-2024-8181: An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an…
PriorityP188high8.1CVSS 3.1
AVNACLPRNUIRSUCHIHAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
46.11%
98.7th percentile
An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| flowiseai | flowise | — | — |
| flowiseai | flowise | 0 – 1.8.2 | — |
Detection & IOCsextracted from sources · hover to see the quote
yara↗
regex: '"apiKey":"([^"]+)"'
- →Authentication bypass is triggered by appending a whitelisted path (/api/v1/ping) as a query parameter to a restricted endpoint (/api/v1/apikey), causing the server to skip authentication checks. ↗
- →A successful exploit returns HTTP 200 with a JSON body containing both 'apiKey' and 'apiSecret' fields, indicating unauthenticated access to API key material. ↗
- →Requests to the bypass endpoint include the Referer header set to /document-stores, which may appear in access logs as a distinguishing indicator. ↗
- →Flowise instances can be fingerprinted on Shodan using favicon hash -2051052918 to identify exposed targets. ↗
- →FOFA query 'title:"Flowise"' can be used to identify internet-exposed Flowise instances potentially vulnerable to this bypass. ↗
- ·The vulnerability affects Flowise version 1.8.2 and below. Only instances with authentication enabled are meaningfully protected by patching; instances without authentication configured are unaffected by this specific bypass but remain openly exposed. ↗
- ·The EPSS score of 0.60842 (98.3rd percentile) indicates very high exploitation probability in the wild; prioritize detection and patching accordingly. ↗
CVSS provenance
nvdv3.18.1HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
vulncheck9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Flowise Authentication Bypass vulnerability
ghsa·2024-08-27
CVE-2024-8181 [HIGH] CWE-285 Flowise Authentication Bypass vulnerability
Flowise Authentication Bypass vulnerability
An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality.
OSV
Flowise Authentication Bypass vulnerability
osv·2024-08-27
CVE-2024-8181 [HIGH] Flowise Authentication Bypass vulnerability
Flowise Authentication Bypass vulnerability
An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality.
VulnCheck
FlowiseAI Flowise Improper Authentication
vulncheck·2024·CVSS 9.8
CVE-2024-8181 [CRITICAL] FlowiseAI Flowise Improper Authentication
FlowiseAI Flowise Improper Authentication
An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality.
Affected: FlowiseAI Flowise
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-09-29&host_type=src&vulnerability=cve-2024-8181; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-09-30&host_type=src&vulnerability=cve-2024-8181; https://dashboard.shadowserver.org/statistics/honeypot/vulnera
No detection rules found.
Nuclei
Flowise <= 1.8.2 Authentication Bypass
nuclei·CVSS 8.1
CVE-2024-8181 [HIGH] Flowise <= 1.8.2 Authentication Bypass
Flowise <= 1.8.2 Authentication Bypass
An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality.
Template:
id: CVE-2024-8181
info:
name: Flowise <= 1.8.2 Authentication Bypass
author: iamnoooob,rootxharsh,pdresearch
severity: high
description: |
An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality.
impact: |
Unauthenticated attackers can bypass authentication to access administrative API endpoints, gaining unauthorized access to restricted functionality, API keys, a
No writeups or analysis indexed.
2024-08-27
Published
Exploited in the wild