n8n Token Exchange Flaw Could Let Attackers Log In as Users From Another Issuer
A security vulnerability has been identified in n8n, an open-source workflow automation tool, that could allow attackers to log in as users from another issuer. The flaw, described as a token exchange issue, was reported by The Hacker News. The vulnerability potentially enables unauthorized access to user accounts by exploiting the token exchange process. No specific version numbers or CVE IDs were provided in the source. The consequence is that an attacker could impersonate a user from a different issuer, gaining access to that user's account and associated workflows. The source does not specify remediation steps or affected deployment configurations.
// why it matters
The flaw could let attackers impersonate users, compromising account security in n8n.