Directory traversal

The ACME-challenge endpoint in Appwrite 0.5.0 through 0.12.x before 0.12.2 allows remote attackers to read arbitrary local files via ../ directory traversal. In order to be vulnerable, APPSTORAGECERTIFICATES/.well-known/acme-challenge must exist on disk. This pathname is automatically created if...

Appwrite Security Vulnerabilities

Appwrite is Appwrite open source an end-to-end backend server . Used to package into a set of Docker microservices for web, mobile, native or backend applications. A security vulnerability exists in Appwrite versions 0.5.0 through 0.12.2, which stems from an ACME-challenge endpoint that allows...

PT-2024-11533 · Appwrite · Appwrite

Name of the Vulnerable Software and Affected Versions: Appwrite versions 0.5.0 through 0.12.x before 0.12.2 Description: The issue allows remote attackers to read arbitrary local files via ../ directory traversal in the "ACME-challenge" endpoint. This vulnerability requires the existence of APP...

CVE-2022-25377

Summary : Multiple sources (Red Hat, Veracode, OSV, GHSA, NVD mirrors) confirm a directory-traversal flaw in Appwrite’s ACME-challenge endpoint. Affected versions : Appwrite 0.5.0 through 0.12.x before 0.12.2. The vulnerability requires the path APP_STORAGE_CERTIFICATES/.well-known/acme-challenge...

CVE-2022-25377

The ACME-challenge endpoint in Appwrite 0.5.0 through 0.12.x before 0.12.2 allows remote attackers to read arbitrary local files via ../ directory traversal. In order to be vulnerable, APPSTORAGECERTIFICATES/.well-known/acme-challenge must exist on disk. This pathname is automatically created if...

CVE-2024-1063

Appwrite = v1.4.13 is affected by a Server-Side Request Forgery SSRF via the '/v1/avatars/favicon' endpoint due to an incomplete fix of CVE-2023-27159...

CVE-2024-1063

Appwrite = v1.4.13 is affected by a Server-Side Request Forgery SSRF via the '/v1/avatars/favicon' endpoint due to an incomplete fix of CVE-2023-27159...

Server side request forgery (ssrf)

Appwrite = v1.4.13 is affected by a Server-Side Request Forgery SSRF via the '/v1/avatars/favicon' endpoint due to an incomplete fix of CVE-2023-27159...

CVE-2024-1063

Appwrite = v1.4.13 is affected by a Server-Side Request Forgery SSRF via the '/v1/avatars/favicon' endpoint due to an incomplete fix of CVE-2023-27159...

CVE-2024-1063

The issue is an SSRF in Appwrite via /v1/avatars/favicon visible in multiple sources. Affected product: Appwrite versions up to 1.4.13; root cause linked to an incomplete fix of CVE-2023-27159. Impact described as potential access to internal resources and data via crafted requests. Remediation: ...

CVE-2024-1063

Appwrite = v1.4.13 is affected by a Server-Side Request Forgery SSRF via the '/v1/avatars/favicon' endpoint due to an incomplete fix of CVE-2023-27159...

Appwrite Code Issue Vulnerability

Appwrite is Appwrite open source an end-to-end backend server . It is used to package web, mobile, native or backend applications as a set of Docker microservices. A security vulnerability exists in Appwrite v1.4.13 and earlier versions, which stems from a discovery via the /v1/avatars/favicon...

Apprite CLI makes Use of Hard-coded Credentials

In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a /.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials...

appw (>=0.0.1 <=0.0.2), appwrite-sync (=0.4.5) +8 more potentially affected by CVE-2023-50974 via appwrite (>=0.10.0 <=2.0.2)

appwrite PYPI version =0.10.0, =0.0.1, =0.1.0, =1.1.5, =0.0.36, =0.1.0, =0.1.4, =1.0.0, =2.0.1 - views-stepshifter =1.1.0 Source cves: CVE-2023-50974 Source advisory: OSV:GHSA-G777-CRP9-M27G...

GHSA-G777-CRP9-M27G Apprite CLI makes Use of Hard-coded Credentials

In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a /.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials...

CVE-2023-50974

In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a /.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials...

CVE-2023-50974

In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a /.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials...

PYSEC-2024-2

In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a /.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials...

appw (>=0.0.1 <=0.0.2), appwrite-sync (=0.4.5) +8 more potentially affected by CVE-2023-50974 via appwrite (>=0.10.0 <=2.0.2)

appwrite PYPI version =0.10.0, =0.0.1, =0.1.0, =1.1.5, =0.0.36, =0.1.0, =0.1.4, =1.0.0, =2.0.1 - views-stepshifter =1.1.0 Source cves: CVE-2023-50974 Source advisory: OSV:PYSEC-2024-2...

Command injection

In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a /.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials...