78 matches found
Command injection
In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a /.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials...
CVE-2023-50974
CVE-2023-50974 affects Appwrite CLI prior to 3.0.0. The login command stores the Appwrite user’s credentials in ~/.appwrite/prefs.json with 0644 permissions, allowing any local system user to read them. Red Hat and OSV references corroborate the same description. Remediation: upgrade Appwrite CLI...
CVE-2023-50974
In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a /.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials...
CVE-2023-50974
In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a /.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials...
PT-2024-14035 · Appwrite · Appwrite Cli
Name of the Vulnerable Software and Affected Versions: Appwrite CLI versions prior to 3.0.0 Description: The issue arises when using the login command in Appwrite CLI, where the credentials of the Appwrite user are stored in a /.appwrite/prefs.json file with 0644 as UNIX permissions. This allows...
Appwrite Security Vulnerabilities
Appwrite is Appwrite open source an end-to-end backend server . It is used to package web, mobile, native or backend applications as a set of Docker microservices. A security vulnerability exists in the Appwrite CLI prior to version 3.0.0, which stems from the fact that when the login command is...
Appwrite Server-Side Request Forgery
The version of Appwrite installed on the remote contain a Server-Side Request Forgery SSRF vulnerability via the component '/v1/avatars/faviconhost'. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...
VulnCheck KEV: CVE-2023-27159
Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery SSRF via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request...
GHSA-HXGX-584X-VWM8 Appwrite Server-Side Request Forgery vulnerability
Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery SSRF via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request...
Appwrite Server-Side Request Forgery vulnerability
Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery SSRF via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request...
CVE-2023-27159
Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery SSRF via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request...
CVE-2023-27159
Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery SSRF via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request...
Server side request forgery (ssrf)
Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery SSRF via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request...
CVE-2023-27159
Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery SSRF via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request...
CVE-2023-27159
Appwrite
Server-Side Request Forgery (SSRF)
Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery SSRF via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request...
Appwrite 代码问题漏洞
Appwrite is Appwrite open source an end-to-end backend server . Used to package into a set of Docker microservices for web, mobile, native or backend applications. A security vulnerability exists in Appwrite v1.2.1 and earlier versions , which stems from the discovery of a contained server-side...
CVE-2023-27159
Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery SSRF via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request...
PT-2023-6603 · Appwrite · Appwrite
Name of the Vulnerable Software and Affected Versions: Appwrite versions up to v1.2.1 Description: The issue is related to insufficient validation of incoming requests in the /v1/avatars/favicon component of the Appwrite backend platform for developing mobile and web applications. This allows a...
GHSA-5FFJ-MPH5-C5HV Appwrite Vulnerable to Cross-site Scripting
Appwrite is vulnerable to stored cross-site scripting in usernames, function names, storage bucket names, and database collection names...