150 matches found
CVE-2024-55964
CVE-2024-55964 — Appsmith RCE : A misconfigured PostgreSQL instance in the Appsmith image (pre-1.52) enables remote command execution inside the Appsmith Docker container. To exploit, an attacker must access Appsmith, log in, create a datasource, craft a query against that datasource, and execute...
CVE-2024-55604
Appsmith is a platform to build admin panels, internal tools, and dashboards. Users invited as "App Viewer" should not have access to development information of a workspace. Datasources are such a component in a workspace. Yet, in versions of Appsmith prior to 1.51, app viewers are able to get a...
CVE-2024-55604 Appsmith's Broken Access Control Allows Viewer Role User to Query Datasources
Appsmith is a platform to build admin panels, internal tools, and dashboards. Users invited as "App Viewer" should not have access to development information of a workspace. Datasources are such a component in a workspace. Yet, in versions of Appsmith prior to 1.51, app viewers are able to get a...
CVE-2024-55604
Appsmith prior to v1.51 contains an access-control flaw where users invited as an App Viewer can query the list of datasources in a workspace they belong to. The underlying issue is restricted to development information exposure, not the actual credentials; no sensitive data in datasources is rep...
CVE-2024-55604 Appsmith's Broken Access Control Allows Viewer Role User to Query Datasources
Appsmith is a platform to build admin panels, internal tools, and dashboards. Users invited as "App Viewer" should not have access to development information of a workspace. Datasources are such a component in a workspace. Yet, in versions of Appsmith prior to 1.51, app viewers are able to get a...
CVE-2024-55604 Appsmith's Broken Access Control Allows Viewer Role User to Query Datasources
Appsmith is a platform to build admin panels, internal tools, and dashboards. Users invited as "App Viewer" should not have access to development information of a workspace. Datasources are such a component in a workspace. Yet, in versions of Appsmith prior to 1.51, app viewers are able to get a...
CVE-2024-55963: Unauthenticated RCE in Default-Install of Appsmith
The post CVE-2024-55963: Unauthenticated RCE in Default-Install of Appsmith appeared first on Rhino Security Labs...
PT-2025-12805 · Appsmith · Appsmith
Name of the Vulnerable Software and Affected Versions: Appsmith versions prior to 1.51 Description: The issue concerns an information disclosure where users invited as "App Viewer" can access development information of a workspace, specifically getting a list of datasources. This does not expose...
PT-2025-12811 · Appsmith · Appsmith
Name of the Vulnerable Software and Affected Versions: Appsmith versions prior to 1.51 Description: An issue was discovered in Appsmith where a user without admin permissions can trigger the restart API, causing a server restart. This is due to incorrect access control checks, which should check...
Appsmith 安全漏洞
Appsmith is an open source platform for building, deploying, and maintaining internal applications from Appsmith Open Source. A security vulnerability exists in Appsmith versions prior to 1.51, which stems from App Viewer's ability to obtain a list of data sources in the workspace, potentially...
CVE-2022-4096
Server-Side Request Forgery SSRF in GitHub repository appsmithorg/appsmith prior to 1.8.2...
CVE-2024-51408
AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials...
BIT-APPSMITH-2024-51408
AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials...
CVE-2024-51408
AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials...
CVE-2024-51408
AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials...
PT-2024-34622 · Appsmith · Appsmith
Name of the Vulnerable Software and Affected Versions: AppSmith Community versions 1.8.3 through 1.46 Description: The issue allows for Server-Side Request Forgery SSRF via the New DataSource feature for application/json requests to the IP address 169.254.169.254, which is used to retrieve AWS...
Appsmith 安全漏洞
Appsmith is an open source platform for building, deploying, and maintaining on-premise applications from Appsmith Open Source. A security vulnerability exists in Appsmith prior to version 1.46 that stems from the retrieval of AWS metadata credentials via cross-site request forgery...
CVE-2024-51408
AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials...
CVE-2024-51408
AppSmith Community before version 1.46 is vulnerable to SSRF via the New DataSource feature when making application/json requests to 169.254.169.254 to retrieve AWS metadata credentials. This can allow an attacker to trigger internal requests and access sensitive AWS metadata information. Root ca...
CVE-2024-51408
AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials...