Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
n8n Improper File Access Controls Allow Arbitrary File Read by Authenticated Users
Vulnerability Description
n8n is an open source workflow automation platform. Prior to versions 1.123.18 and 2.5.0, a vulnerability in the file access controls allows authenticated users with permission to create or modify workflows to read sensitive files from the n8n host system. This can be exploited to obtain critical configuration data and user credentials, leading to complete account takeover of any user on the instance. This issue has been patched in versions 1.123.18 and 2.5.0.
CVSS Information
N/A
Vulnerability Type
检查时间与使用时间(TOCTOU)的竞争条件
Vulnerability Title
n8n 安全漏洞
Vulnerability Description
n8n是n8n开源的一个可扩展的工作流自动化工具。 n8n 1.123.18之前版本和2.5.0之前版本存在安全漏洞,该漏洞源于文件访问控制不当,可能导致读取敏感文件、凭据泄露和账户接管。
CVSS Information
N/A
Vulnerability Type
N/A