Remote Authentication Bypass Vulnerability
CVE-2024-8181

8.1HIGH

Key Information:

Vendor: Flowiseai
Status: Flowise
Vendor: CVE Published:; 27 August 2024

What is CVE-2024-8181?

An authentication bypass vulnerability exists in Flowise version 1.8.2, enabling a remote attacker to exploit API endpoints without authentication. This flaw allows unauthorized users to gain administrative access, potentially leading to manipulation of restricted functionalities and sensitive data exposure. Organizations using this version are urged to apply immediate measures to mitigate this significant risk.

Affected Version(s)

Flowise 1.8.2

References

https://tenable.com/security/research/tra-2024-33

EPSS Score

71% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 27, 2024
Vulnerability Reserved
Aug 26, 2024

Flowiseai

What is CVE-2024-8181?

Affected Version(s)

References

EPSS Score

CVSS V3.1

Timeline