Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Flowise - Weak Default Token Hash Secret in JWT Token Encryption
Vulnerability Description
Flowise before 3.1.0 (npm package flowise, versions 3.0.13 and earlier) uses a weak hardcoded default value 'Secre$t' for the TOKEN_HASH_SECRET environment variable in packages/server/src/enterprise/utils/tempTokenUtils.ts when the variable is not configured. This secret derives the AES-256-CBC key used to encrypt user IDs and workspace IDs in the 'meta' field of JWT tokens. An attacker who knows the default secret can decrypt this metadata to extract internal user and workspace identifiers, and re-encrypt manipulated values such as altered user or workspace IDs. Because the JWT signature is validated separately, decrypting or tampering with this metadata does not by itself grant access, but the disclosure of internal identifiers and possible metadata manipulation could aid privilege escalation or unauthorized data access.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N
Vulnerability Type
使用硬编码的凭证
Vulnerability Title
FlowiseAI Flowise 信任管理问题漏洞
Vulnerability Description
FlowiseAI Flowise是FlowiseAI公司开源的一个用于轻松构建 LLM 应用程序的工具。 FlowiseAI Flowise 3.1.0之前版本和3.0.13及之前版本存在信任管理问题漏洞,该漏洞源于使用弱硬编码默认值“Secre$t”作为TOKEN_HASH_SECRET环境变量,可能导致获取内部标识符和操作元数据,有助于权限提升或未授权数据访问。
CVSS Information
N/A
Vulnerability Type
N/A