Budibase: Unauthenticated Remote Code Execution via Webhook Trigger and Bash Automation Step
Summary An unauthenticated attacker can achieve Remote Code Execution RCE on the Budibase server by triggering an automation that contains a Bash step via the public webhook endpoint. No authentication is required to trigger the exploit. The process executes as root inside the container. Details...