/api/v1/public-chatbotConfig/:id ep exposes sensitive data including API keys, HTTP authorization headers and internal configuration without any authentication. An attacker with knowledge just of a chatflow UUID can retrieve credentials stored in password type fields and HTTP headers, leading to credential theft and more.

Knowledge of chatflow UUID can be obtained from embedded chat widgets, referrer headers or logs and it's the only prerequest.

getSinglePublicChatbotConfig function in packages/server/src/services/chatflows/index.ts returns the full flowData object without authorization check or data sanitization.

There is a comment as "Safe as public endpoint as chatbotConfig doesn't contain sensitive credential" but flowData does contain sensitive data such as:

type: 'password' fields are stored in plaintext (unstructuredAPIKey in S3File node). HTTP Authorization headers in POST / GET Requests nodes. Internal API endpoints and webhook URLs.

Response:

{
 "flowData": "{..."unstructuredAPIKey":"victim key"..."requestsPostHeaders":"Bearer victim token"...}"
}

Impacts all Flowise Cloud users with chatflows containing password type fields or any HTTP headers. And self hosted Flowise instances exposed to the internet.