Product
high
advisory
FlowiseAI Evaluation Cross-Workspace Data Takeover via Mass Assignment
2 rules 1 TTPFlowiseAI is vulnerable to a mass assignment vulnerability (fixed in PR 6050) that allows authenticated users to move Evaluation entities between workspaces by overwriting the `workspaceId` field via API request, leading to unauthorized data access.
flowise +1
mass-assignment
cross-workspace
privilege-escalation
2r
1t
high
threat
FlowiseAI Evaluator Cross-Workspace Takeover via Mass Assignment
2 rules 1 TTPFlowiseAI is vulnerable to a mass assignment vulnerability in the Evaluator controller/service, where an attacker can manipulate the `workspaceId` during evaluator creation or updates, leading to cross-workspace data takeover and IDOR.
flowise <= 3.1.1 +1
mass-assignment
idor
privilege-escalation
cloud
2r
1t