112 matches found
Server side request forgery (ssrf)
Appsmith v1.7.11 was discovered to allow attackers to execute an authenticated Server-Side Request Forgery SSRF via redirecting incoming requests to the AWS internal metadata endpoint...
CVE-2022-38299
An issue in the Elasticsearch plugin of Appsmith v1.7.11 allows attackers to connect disallowed hosts to the AWS/GCP internal metadata endpoint...
CVE-2022-38299
An issue in the Elasticsearch plugin of Appsmith v1.7.11 allows attackers to connect disallowed hosts to the AWS/GCP internal metadata endpoint...
Appsmith 代码问题漏洞
Appsmith is an open source platform for building, deploying and maintaining on-premise applications from Appsmith Open Source. A security vulnerability exists in Appsmith version v1.7.11 that stems from a vulnerability that allows an attacker to perform authenticated server-side request forgery...
PT-2022-24348 · Appsmith · Appsmith
Name of the Vulnerable Software and Affected Versions: Appsmith version 1.7.11 Description: The issue allows attackers to execute an authenticated Server-Side Request Forgery SSRF via redirecting incoming requests to the AWS internal metadata endpoint. This is achieved by exploiting a vulnerabili...
PT-2022-24349 · Appsmith +1 · Appsmith +1
Name of the Vulnerable Software and Affected Versions: Appsmith version 1.7.11 Description: An issue in the Elasticsearch plugin allows attackers to connect disallowed hosts to the AWS/GCP internal metadata endpoint. Recommendations: For Appsmith version 1.7.11, consider disabling the Elasticsear...
CVE-2021-3062
An improper access control vulnerability in PAN-OS software enables an attacker with authenticated access to GlobalProtect portals and gateways to connect to the EC2 instance metadata endpoint for VM-Series firewalls hosted on Amazon AWS. Exploitation of this vulnerability enables an attacker to...
PAN-OS: Improper Access Control Vulnerability Exposing AWS Instance Metadata Endpoint to GlobalProtect Users
An improper access control vulnerability in PAN-OS software enables an attacker with authenticated access to GlobalProtect portals and gateways to connect to the EC2 instance metadata endpoint for VM-Series firewalls hosted on Amazon AWS. Exploitation of this vulnerability enables an attacker to...
Design/Logic Flaw
In Windows Stemcells versions prior to 1200.14, apps running inside containers in Windows on Google Cloud Platform are able to access the metadata endpoint. A malicious developer could use this access to gain privileged credentials...
CVE-2018-1197
In Windows Stemcells versions prior to 1200.14, apps running inside containers in Windows on Google Cloud Platform are able to access the metadata endpoint. A malicious developer could use this access to gain privileged credentials...
CVE-2018-1197
In Windows Stemcells versions prior to 1200.14, apps running inside containers in Windows on Google Cloud Platform are able to access the metadata endpoint. A malicious developer could use this access to gain privileged credentials...
CVE-2018-1197: GCP Metadata Endpoint Accessible from Application Containers on Windows | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions Windows Stemcells All versions prior to 1200.14 Description Apps running inside containers in Windows on Google Cloud Platform are able to access the metadata endpoint. A malicious developer could use this...