4 matches found
Design/Logic Flaw
An issue in the Elasticsearch plugin of Appsmith v1.7.11 allows attackers to connect disallowed hosts to the AWS/GCP internal metadata endpoint...
Server side request forgery (ssrf)
Appsmith v1.7.11 was discovered to allow attackers to execute an authenticated Server-Side Request Forgery SSRF via redirecting incoming requests to the AWS internal metadata endpoint...
CVE-2022-38299
An issue in the Elasticsearch plugin of Appsmith v1.7.11 allows attackers to connect disallowed hosts to the AWS/GCP internal metadata endpoint...
CVE-2022-38298
Appsmith v1.7.11 was discovered to allow attackers to execute an authenticated Server-Side Request Forgery SSRF via redirecting incoming requests to the AWS internal metadata endpoint...