GHSA-h3jj-5f3v-3685: n8n: Public API Execution Retry Authorization Bypass
The Public API endpoint for retrying executions authorized access using workflow:read rather than workflow:execute. An authenticated user with read-only access to a shared workflow could use the Public API to retry executions of that workflow, bypassing the intended permission boundary between read and execute access.
This issue affects instances where workflows are shared with other users or across projects.
References
Code Behaviors & Features
Detect and mitigate GHSA-h3jj-5f3v-3685 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →