Lucene search
K

154 matches found

CVE
CVE
added 2022/09/12 9:49 p.m.62 views

CVE-2022-38299

Summary : CVE-2022-38299 affects Appsmith v1.7.11 via its Elasticsearch plugin, where the underlying issue allows attackers to connect disallowed hosts to the AWS/GCP internal metadata endpoint. The NVD entry assigns a CVSSv3.1 base score of 4.3 (Network, Low attack complexity, Low privileges, no...

4.3CVSS4.6AI score0.00483EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/09/12 9:49 p.m.21 views

CVE-2022-38298

Appsmith v1.7.11 was discovered to allow attackers to execute an authenticated Server-Side Request Forgery SSRF via redirecting incoming requests to the AWS internal metadata endpoint...

9.1AI score0.00616EPSS
Exploits0References1
OSV
OSV
added 2022/09/12 9:49 p.m.15 views

CVE-2022-38298

Appsmith v1.7.11 was discovered to allow attackers to execute an authenticated Server-Side Request Forgery SSRF via redirecting incoming requests to the AWS internal metadata endpoint...

8.8CVSS7.3AI score0.00616EPSS
Exploits0References3
CVE
CVE
added 2022/09/12 9:49 p.m.69 views

CVE-2022-38298

CVE-2022-38298 affects Appsmith v1.7.11, enabling an authenticated Server-Side Request Forgery (SSRF) by redirecting incoming requests to the AWS internal metadata endpoint. The CVSSv3.1 data indicates high impact on confidentiality, integrity, and availability (base score 8.8). The provided docu...

8.8CVSS8.8AI score0.00616EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/09/12 12:0 a.m.6 views

PT-2022-24348 · Appsmith · Appsmith

Name of the Vulnerable Software and Affected Versions: Appsmith version 1.7.11 Description: The issue allows attackers to execute an authenticated Server-Side Request Forgery SSRF via redirecting incoming requests to the AWS internal metadata endpoint. This is achieved by exploiting a vulnerabili...

8.8CVSS8.6AI score0.00616EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/09/12 12:0 a.m.6 views

Appsmith 代码问题漏洞

Appsmith is an open source platform for building, deploying and maintaining on-premise applications from Appsmith Open Source. A security vulnerability exists in Appsmith version v1.7.11 that stems from a vulnerability that allows an attacker to perform authenticated server-side request forgery...

8.8CVSS7.9AI score0.00616EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/09/12 12:0 a.m.8 views

Appsmith 安全漏洞

Appsmith is an open source platform for building, deploying and maintaining on-premise applications from Appsmith Open Source. A security vulnerability exists in Appsmith version v1.7.11, which stems from an issue in the Elasticsearch plugin that allows an attacker to connect unallowed hosts to...

4.3CVSS5.1AI score0.00483EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/09/12 12:0 a.m.5 views

PT-2022-24349 · Appsmith +1 · Appsmith +1

Name of the Vulnerable Software and Affected Versions: Appsmith version 1.7.11 Description: An issue in the Elasticsearch plugin allows attackers to connect disallowed hosts to the AWS/GCP internal metadata endpoint. Recommendations: For Appsmith version 1.7.11, consider disabling the Elasticsear...

4.3CVSS4.5AI score0.00483EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2022/09/05 3:15 a.m.3 views

CVE-2022-39824

Server-side JavaScript injection in Appsmith through 1.7.14 allows remote attackers to execute arbitrary JavaScript code from the server via the currentItem property of the list widget, e.g., to perform DoS attacks or achieve an information leak...

8.9CVSS6.2AI score0.0091EPSS
Exploits1References3
Prion
Prion
added 2022/09/05 3:15 a.m.21 views

Design/Logic Flaw

Server-side JavaScript injection in Appsmith through 1.7.14 allows remote attackers to execute arbitrary JavaScript code from the server via the currentItem property of the list widget, e.g., to perform DoS attacks or achieve an information leak...

6CVSS8.8AI score0.0091EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2022/09/05 2:54 a.m.16 views

CVE-2022-39824

Server-side JavaScript injection in Appsmith through 1.7.14 allows remote attackers to execute arbitrary JavaScript code from the server via the currentItem property of the list widget, e.g., to perform DoS attacks or achieve an information leak...

8.9CVSS7.8AI score0.0091EPSS
Exploits1References4
Cvelist
Cvelist
added 2022/09/05 2:54 a.m.33 views

CVE-2022-39824

Server-side JavaScript injection in Appsmith through 1.7.14 allows remote attackers to execute arbitrary JavaScript code from the server via the currentItem property of the list widget, e.g., to perform DoS attacks or achieve an information leak...

9.2AI score0.0091EPSS
Exploits1References2
CVE
CVE
added 2022/09/05 2:54 a.m.65 views

CVE-2022-39824

CVE-2022-39824 (Appsmith) : The provided documents confirm a server-side JavaScript injection vulnerability in Appsmith up to version 1.7.14, exploitable via the currentItem property of the list widget. The underlying issue allows remote attackers to run arbitrary JavaScript on the server, leadin...

8.9CVSS8.9AI score0.0091EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2022/09/05 12:0 a.m.5 views

Appsmith 跨站脚本漏洞

Appsmith is an open source platform from Appsmith Open Source for building, deploying and maintaining internal applications. A security vulnerability exists in Appsmith version 1.7.14, which originates from server-side JavaScript injection and allows remote attackers to execute arbitrary JavaScri...

8.9CVSS8.6AI score0.0091EPSS
Exploits1References3
Rows per page
Query Builder