fix: Privilege Escalation Vulnerability #2995

Merged
merged 1 commit into from
Jul 26, 2024

NadirJ
Collaborator

@NadirJ NadirJ commented Jul 26, 2024

Security Vulnerability: Privilege Escalation

Scenario: An activated LangFlow User can potentially leverage LF APIs to elevate to SuperUser role.

Fix: Enhanced permission validation on the impacted APIs.

@dosubot dosubot bot added the size:XS This PR changes 0-9 lines, ignoring generated files. label Jul 26, 2024
Contributor

Pull Request Validation Report

This comment is automatically generated by Conventional PR

Whitelist Report

Whitelist Active Result
Pull request is a draft and should be ignored
Pull request is made by a whitelisted user and should be ignored
Pull request is submitted by a bot and should be ignored
Pull request is submitted by administrators and should be ignored

Result

Pull request does not satisfy any enabled whitelist criteria. Pull request will be validated.

Validation Report

Validation Active Result
All commits in this pull request has valid messages
Pull request does not introduce too many changes
Pull request has a valid title
Pull request has mentioned issues
Pull request has valid branch name
Pull request should have a non-empty body

Result

Pull request satisfies all enabled pull request rules.

Last Modified at 26 Jul 24 18:33 UTC

@github-actions github-actions bot added the bug Something isn't working label Jul 26, 2024

This pull request is automatically being deployed by Amplify Hosting (learn more).

Access this pull request here: https://pr-2995.dmtpw4p5recq1.amplifyapp.com

@github-actions github-actions bot added bug Something isn't working and removed bug Something isn't working labels Jul 26, 2024
Contributor

@ogabrielluiz ogabrielluiz left a comment

LGTM

@dosubot dosubot bot added the lgtm This PR has been approved by a maintainer label Jul 26, 2024
@ogabrielluiz ogabrielluiz merged commit 1935d38 into main Jul 26, 2024
60 of 61 checks passed
@ogabrielluiz ogabrielluiz deleted the log_messages branch July 26, 2024 18:58
@NadirJ NadirJ changed the title fix: log messages fix: Privilege Escalation Vulnerability Jul 26, 2024
@github-actions github-actions bot added bug Something isn't working and removed bug Something isn't working labels Jul 26, 2024
nicoloboschi pushed a commit to datastax/ragstack-ai-langflow that referenced this pull request Jul 30, 2024