제출 #791920: Langflow <= 1.8.3 Information Disclosure정보

제목	Langflow <= 1.8.3 Information Disclosure
설명	# Technical Details An Information Disclosure vulnerability exists in Langflow. The application fails to properly redact sensitive credentials when exporting flow JSON files due to flawed logic in the `remove_api_keys` utility. The application only strips values if the field is marked as `password=True` AND its name strictly contains "api" AND ("key" or "token"). If a sensitive field is just named `password`, `secret_value`, or `db_password`, the redaction logic is completely bypassed, leaking the plain-text secret. # Vulnerable Code File: `src/backend/base/langflow/api/utils/core.py` Method: `remove_api_keys()` and helper `has_api_terms()` Why: Custom or generic sensitive fields (like database passwords or unrelated secrets) that do not match the restrictive `has_api_terms` naming heuristic are ignored by the redactor, even if they are explicitly flagged with `password=True` in the schema. # Reproduction 1. An attacker (or regular user) creates a flow containing a sensitive field (e.g. named "password") with `password=True`. 2. The user stores a highly sensitive string such as "SUPER_SECRET_VALUE" in this field. 3. The user downloads the flow using the API (`POST /api/v1/flows/download/`). 4. The downloaded JSON file reveals the raw plain-text secret "SUPER_SECRET_VALUE", as the `remove_api_keys` function wrongly decided to leave it intact. # Impact - Exposure of Sensitive Information: Database credentials, third-party service secrets, and other confidential data are leaked in exported JSON files. - Unauthorized actors gaining access to these flow exports can extract plaintext credentials and pivot to attack integrated external infrastructure.
원천	⚠️ https://gist.github.com/chenhouser2025/b93261c6e651f14800a4f2e4365f357b
사용자	Eric-d (UID 96861)
제출	2026. 03. 28. PM 02:36 (23 날 ago)
모더레이션	2026. 04. 19. PM 03:47 (22 days later)
상태	수락
VulDB 항목	358232 [langflow-ai langflow 까지 1.8.3 Flow Using API core.py remove_api_keys/has_api_terms 권한 상승]
포인트들	20

◂ 이전 개요 다음 ▸

Interested in the pricing of exploits?

See the underground prices here!