Lucene search
K

112 matches found

Prion
Prion
added 2022/09/12 10:15 p.m.13 views

Server side request forgery (ssrf)

Appsmith v1.7.11 was discovered to allow attackers to execute an authenticated Server-Side Request Forgery SSRF via redirecting incoming requests to the AWS internal metadata endpoint...

6.5CVSS8.8AI score0.00616EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/09/12 9:49 p.m.23 views

CVE-2022-38299

An issue in the Elasticsearch plugin of Appsmith v1.7.11 allows attackers to connect disallowed hosts to the AWS/GCP internal metadata endpoint...

4.9AI score0.00483EPSS
Exploits0References1
OSV
OSV
added 2022/09/12 9:49 p.m.23 views

CVE-2022-38299

An issue in the Elasticsearch plugin of Appsmith v1.7.11 allows attackers to connect disallowed hosts to the AWS/GCP internal metadata endpoint...

4.3CVSS6.8AI score0.00483EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/09/12 12:0 a.m.6 views

Appsmith 代码问题漏洞

Appsmith is an open source platform for building, deploying and maintaining on-premise applications from Appsmith Open Source. A security vulnerability exists in Appsmith version v1.7.11 that stems from a vulnerability that allows an attacker to perform authenticated server-side request forgery...

8.8CVSS7.9AI score0.00616EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/09/12 12:0 a.m.5 views

PT-2022-24348 · Appsmith · Appsmith

Name of the Vulnerable Software and Affected Versions: Appsmith version 1.7.11 Description: The issue allows attackers to execute an authenticated Server-Side Request Forgery SSRF via redirecting incoming requests to the AWS internal metadata endpoint. This is achieved by exploiting a vulnerabili...

8.8CVSS8.6AI score0.00616EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/09/12 12:0 a.m.5 views

PT-2022-24349 · Appsmith +1 · Appsmith +1

Name of the Vulnerable Software and Affected Versions: Appsmith version 1.7.11 Description: An issue in the Elasticsearch plugin allows attackers to connect disallowed hosts to the AWS/GCP internal metadata endpoint. Recommendations: For Appsmith version 1.7.11, consider disabling the Elasticsear...

4.3CVSS4.5AI score0.00483EPSS
Exploits0References6
OSV
OSV
added 2021/11/10 5:15 p.m.4 views

CVE-2021-3062

An improper access control vulnerability in PAN-OS software enables an attacker with authenticated access to GlobalProtect portals and gateways to connect to the EC2 instance metadata endpoint for VM-Series firewalls hosted on Amazon AWS. Exploitation of this vulnerability enables an attacker to...

8.8CVSS7.3AI score0.00697EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
added 2021/11/10 5:0 p.m.42 views

PAN-OS: Improper Access Control Vulnerability Exposing AWS Instance Metadata Endpoint to GlobalProtect Users

An improper access control vulnerability in PAN-OS software enables an attacker with authenticated access to GlobalProtect portals and gateways to connect to the EC2 instance metadata endpoint for VM-Series firewalls hosted on Amazon AWS. Exploitation of this vulnerability enables an attacker to...

8.8CVSS8.3AI score0.00697EPSS
Exploits0References1
Prion
Prion
added 2018/03/19 6:29 p.m.18 views

Design/Logic Flaw

In Windows Stemcells versions prior to 1200.14, apps running inside containers in Windows on Google Cloud Platform are able to access the metadata endpoint. A malicious developer could use this access to gain privileged credentials...

6CVSS8.3AI score0.00648EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2018/03/19 6:29 p.m.17 views

CVE-2018-1197

In Windows Stemcells versions prior to 1200.14, apps running inside containers in Windows on Google Cloud Platform are able to access the metadata endpoint. A malicious developer could use this access to gain privileged credentials...

8.5CVSS8.4AI score0.00648EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/03/19 6:0 p.m.19 views

CVE-2018-1197

In Windows Stemcells versions prior to 1200.14, apps running inside containers in Windows on Google Cloud Platform are able to access the metadata endpoint. A malicious developer could use this access to gain privileged credentials...

8.4AI score0.00648EPSS
Exploits0References1
Cloud Foundry
Cloud Foundry
added 2018/02/22 12:0 a.m.32 views

CVE-2018-1197: GCP Metadata Endpoint Accessible from Application Containers on Windows | Cloud Foundry

Severity High Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions Windows Stemcells All versions prior to 1200.14 Description Apps running inside containers in Windows on Google Cloud Platform are able to access the metadata endpoint. A malicious developer could use this...

8.5CVSS8.5AI score0.00648EPSS
Exploits0
Rows per page
Query Builder