High severityNVD Advisory· Published Aug 27, 2024· Updated Sep 6, 2024

Flowise Authentication Bypass

CVE-2024-8181

Description

An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
flowisenpm	<= 1.8.2	—

Affected products

Flowiseai/Flowisev5
Range: 1.8.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-2q4w-x8h2-2fvhghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-8181ghsaADVISORY
tenable.com/security/research/tra-2024-22-0ghsaWEB
tenable.com/security/research/tra-2024-33ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.049
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000