GHSA-jh8h-6c9q-7gmw: n8n has an Authentication Bypass in its Chat Trigger Node
When the Chat Trigger node is configured with n8n User Auth authentication, the authentication check could be circumvented.
- This issue requires the Chat Trigger node to be configured with n8n User Auth authentication (non-default).
References
- github.com/advisories/GHSA-jh8h-6c9q-7gmw
- github.com/n8n-io/n8n
- github.com/n8n-io/n8n/commit/062644ef786b6af480afe4a0f12bc6d70040534a
- github.com/n8n-io/n8n/commit/1479aab2d32fe0ee087f82b9038b1035c98be2f6
- github.com/n8n-io/n8n/commit/9e5212ecbc5d2d4e6f340b636a5e84be6369882e
- github.com/n8n-io/n8n/security/advisories/GHSA-jh8h-6c9q-7gmw
Detect and mitigate GHSA-jh8h-6c9q-7gmw with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.