A vulnerability in infiniflow/ragflow versions v0.12.0 allows for remote code execution. The RPC server in RagFlow uses a hard-coded AuthKey 'authkey=b'infiniflow-token4kevinhu'' which can be easily fetched by attackers to join the group communication without restrictions. Additionally, the server processes incoming data using pickle deserialization via `pickle.loads()` on `connection.recv()`, making it vulnerable to remote code execution. This issue is fixed in version 0.14.0.
The RPC server in RagFlow uses a hardcoded AuthKey with the value 'infiniflow-token4kevinhu', which an attacker can easily obtain and use to join group communication without any restrictions. After gaining access, the attacker sends crafted data to the server, which is then processed by the `pickle.loads()` function on data received via `connection.recv()`. Deserialization of untrusted data using pickle (CWE-502) allows embedding arbitrary code in the payload that is executed on the server side.
An unauthenticated remote attacker can execute arbitrary code on the server, leading to complete system compromise, data theft, and violation of confidentiality, integrity, and availability of the service.
Update Infiniflow RagFlow to version 0.14.0, in which the issue has been fixed according to the manufacturer's information.
Infiniflow RagFlow in version v0.12.0
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HInfiniflow Ragflow
APPInfiniflow0.12.0 – 0.14.0 (bez)
Related vulnerabilities
Zip Slip RCE w RAGFlow — nadpisanie plików przez złośliwe archiwum ZIP
Przejęcie konta w RAGFlow poprzez brute-force kodów weryfikacyjnych
Infiniflow RAGflow: SSRF, Arbitrary File Read i RCE w funkcji web_crawl
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions 0.24.0 and prior, a Server-...
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions prior to 0.22.0, the use of...