The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsUpgrade n8n to version 2.27.4, 2.28.1 or higher.
n8n is a n8n Workflow Automation Tool
Affected versions of this package are vulnerable to User Impersonation via the token-exchange identity-resolution service in packages/cli/src/modules/token-exchange/services/identity-resolution.service.ts. An attacker can authenticate as another user by presenting a valid token from one trusted issuer whose JWT sub matches a victim account created under a different trusted issuer. The token-exchange flow resolves local identities using the subject claim alone instead of pairing it with the issuer, so instances that trust more than one external issuer can map two different upstream accounts to the same local account. This lets the attacker access the victim’s n8n account and its data and actions with the victim’s permissions.
Notes
Workarounds