Lucene search
K

150 matches found

CVE
CVE
added 2025/03/26 12:0 a.m.105 views

CVE-2024-55964

CVE-2024-55964 — Appsmith RCE : A misconfigured PostgreSQL instance in the Appsmith image (pre-1.52) enables remote command execution inside the Appsmith Docker container. To exploit, an attacker must access Appsmith, log in, create a datasource, craft a query against that datasource, and execute...

9.8CVSS7.5AI score0.06268EPSS
Exploits2References1Affected Software1
NVD
NVD
added 2025/03/25 3:15 p.m.16 views

CVE-2024-55604

Appsmith is a platform to build admin panels, internal tools, and dashboards. Users invited as "App Viewer" should not have access to development information of a workspace. Datasources are such a component in a workspace. Yet, in versions of Appsmith prior to 1.51, app viewers are able to get a...

4.8CVSS0.00233EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/25 2:15 p.m.19 views

CVE-2024-55604 Appsmith's Broken Access Control Allows Viewer Role User to Query Datasources

Appsmith is a platform to build admin panels, internal tools, and dashboards. Users invited as "App Viewer" should not have access to development information of a workspace. Datasources are such a component in a workspace. Yet, in versions of Appsmith prior to 1.51, app viewers are able to get a...

4.8CVSS0.00233EPSS
Exploits0References1
CVE
CVE
added 2025/03/25 2:15 p.m.90 views

CVE-2024-55604

Appsmith prior to v1.51 contains an access-control flaw where users invited as an App Viewer can query the list of datasources in a workspace they belong to. The underlying issue is restricted to development information exposure, not the actual credentials; no sensitive data in datasources is rep...

4.8CVSS6.5AI score0.00233EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/25 2:15 p.m.12 views

CVE-2024-55604 Appsmith's Broken Access Control Allows Viewer Role User to Query Datasources

Appsmith is a platform to build admin panels, internal tools, and dashboards. Users invited as "App Viewer" should not have access to development information of a workspace. Datasources are such a component in a workspace. Yet, in versions of Appsmith prior to 1.51, app viewers are able to get a...

4.8CVSS6.5AI score0.00233EPSS
Exploits0References1
OSV
OSV
added 2025/03/25 2:15 p.m.5 views

CVE-2024-55604 Appsmith's Broken Access Control Allows Viewer Role User to Query Datasources

Appsmith is a platform to build admin panels, internal tools, and dashboards. Users invited as "App Viewer" should not have access to development information of a workspace. Datasources are such a component in a workspace. Yet, in versions of Appsmith prior to 1.51, app viewers are able to get a...

4.8CVSS5.9AI score0.00426EPSS
Exploits0References3
Rhino Security Labs
Rhino Security Labs
added 2025/03/25 1:0 p.m.19 views

CVE-2024-55963: Unauthenticated RCE in Default-Install of Appsmith

The post CVE-2024-55963: Unauthenticated RCE in Default-Install of Appsmith appeared first on Rhino Security Labs...

6.5CVSS7.3AI score0.27733EPSS
Exploits5
Positive Technologies
Positive Technologies
added 2025/03/25 12:0 a.m.9 views

PT-2025-12805 · Appsmith · Appsmith

Name of the Vulnerable Software and Affected Versions: Appsmith versions prior to 1.51 Description: The issue concerns an information disclosure where users invited as "App Viewer" can access development information of a workspace, specifically getting a list of datasources. This does not expose...

4.8CVSS5.9AI score0.00233EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/03/25 12:0 a.m.4 views

PT-2025-12811 · Appsmith · Appsmith

Name of the Vulnerable Software and Affected Versions: Appsmith versions prior to 1.51 Description: An issue was discovered in Appsmith where a user without admin permissions can trigger the restart API, causing a server restart. This is due to incorrect access control checks, which should check...

6.5CVSS8.1AI score0.27733EPSS
Exploits5References30
CNNVD
CNNVD
added 2025/03/25 12:0 a.m.4 views

Appsmith 安全漏洞

Appsmith is an open source platform for building, deploying, and maintaining internal applications from Appsmith Open Source. A security vulnerability exists in Appsmith versions prior to 1.51, which stems from App Viewer's ability to obtain a list of data sources in the workspace, potentially...

4.8CVSS6.2AI score0.00233EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/05 8:19 p.m.8 views

CVE-2022-4096

Server-Side Request Forgery SSRF in GitHub repository appsmithorg/appsmith prior to 1.8.2...

8.8CVSS6.7AI score0.01435EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 3:17 a.m.4 views

CVE-2024-51408

AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials...

8.5CVSS5.9AI score0.00472EPSS
Exploits1References1
OSV
OSV
added 2024/11/07 7:7 a.m.10 views

BIT-APPSMITH-2024-51408

AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials...

8.5CVSS7.3AI score0.00472EPSS
Exploits1References4
NVD
NVD
added 2024/11/04 2:15 p.m.17 views

CVE-2024-51408

AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials...

8.5CVSS0.00472EPSS
Exploits1References3
OSV
OSV
added 2024/11/04 2:15 p.m.9 views

CVE-2024-51408

AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials...

6.5CVSS6.8AI score0.00472EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/11/04 12:0 a.m.5 views

PT-2024-34622 · Appsmith · Appsmith

Name of the Vulnerable Software and Affected Versions: AppSmith Community versions 1.8.3 through 1.46 Description: The issue allows for Server-Side Request Forgery SSRF via the New DataSource feature for application/json requests to the IP address 169.254.169.254, which is used to retrieve AWS...

8.5CVSS6.9AI score0.00472EPSS
Exploits1References13
CNNVD
CNNVD
added 2024/11/04 12:0 a.m.4 views

Appsmith 安全漏洞

Appsmith is an open source platform for building, deploying, and maintaining on-premise applications from Appsmith Open Source. A security vulnerability exists in Appsmith prior to version 1.46 that stems from the retrieval of AWS metadata credentials via cross-site request forgery...

8.5CVSS6.6AI score0.00472EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2024/11/04 12:0 a.m.10 views

CVE-2024-51408

AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials...

8.5CVSS7.2AI score0.00472EPSS
Exploits1References3
CVE
CVE
added 2024/11/04 12:0 a.m.69 views

CVE-2024-51408

AppSmith Community before version 1.46 is vulnerable to SSRF via the New DataSource feature when making application/json requests to 169.254.169.254 to retrieve AWS metadata credentials. This can allow an attacker to trigger internal requests and access sensitive AWS metadata information. Root ca...

8.5CVSS7.2AI score0.00472EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2024/11/04 12:0 a.m.19 views

CVE-2024-51408

AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials...

8.5CVSS0.00472EPSS
Exploits1References3
Rows per page
Query Builder