GHSA-hmg2-jjjx-jcp2: FlowiseAI: Vector Store No Permission Checks

FlowiseAI's OpenAI Assistants Vector Store endpoints lack permission checks, allowing any authenticated user to create, modify, delete, or upload files to vector stores regardless of their assigned role. This missing authorization (CWE-306, a security weakness where critical functions don't verify user permissions) has a severity score of about 8.1, meaning attackers with basic access could steal or destroy data.