Server-Side Request Forgery in AppSmith Community Product by AppSmith
CVE-2024-51408

8.5 HIGH

Key Information:

Vendor: Appsmith
Status: Vendor
CVE Published: 4 November 2024

What is CVE-2024-51408?

Appsmith Community versions before 1.46 are vulnerable to server-side request forgery (SSRF): when an authenticated user creates a New DataSource, the server issues application/json requests to a user-supplied URL without restricting the destination, so the request can be pointed at the link-local address 169.254.169.254. On an AWS-hosted instance that address serves the instance metadata service (IMDS), and a request to its IAM security-credentials path returns the temporary access keys of the instance role, which the attacker then reads back through the datasource response. Two caveats follow from the CVSS metrics below: the attacker needs an account that is allowed to create datasources (Privileges Required: Low), and the impact depends on what the instance role is allowed to do. Upgrade to 1.46 or later; as defence in depth, require IMDSv2 with a hop limit of 1 so that credentials cannot be fetched with a plain GET from a container, and block egress from the Appsmith server to 169.254.169.254 and the other addresses a datasource has no reason to reach.
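The fix the advisory asks for is an upgrade, but the underlying defect is a destination check that was missing on outbound datasource requests. The following is an added example of such a check, written for this page rather than taken from Appsmith's code base: it resolves the host of a proposed datasource URL and rejects anything that lands in link-local, loopback, private or cloud-metadata ranges, including the IPv4-mapped IPv6 spelling of the IMDS address and the IMDS IPv6 endpoint. The function name, the blocked-range policy and the `FAKE_DNS` table (a constructed stand-in for DNS so the example runs offline) are all assumptions of this example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Destination ranges a datasource URL must never resolve to.
# This policy is an assumption of the example; tune it for your deployment.
BLOCKED_NETWORKS = [
    ipaddress.ip_network("169.254.0.0/16"),    # IPv4 link-local, includes AWS IMDS 169.254.169.254
    ipaddress.ip_network("fd00:ec2::254/128"), # AWS IMDS IPv6 endpoint
    ipaddress.ip_network("fe80::/10"),         # IPv6 link-local
    ipaddress.ip_network("127.0.0.0/8"),       # loopback
    ipaddress.ip_network("::1/128"),
    ipaddress.ip_network("0.0.0.0/8"),         # "this host"
    ipaddress.ip_network("10.0.0.0/8"),        # RFC 1918 private ranges
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("100.64.0.0/10"),     # RFC 6598 shared space, used by some cloud metadata services
]


def _is_blocked(ip):
    # ::ffff:169.254.169.254 is the same host as 169.254.169.254; judge the IPv4 form.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    # Mixed-version membership tests are simply False, so IPv4 and IPv6 nets can share one list.
    return any(ip in net for net in BLOCKED_NETWORKS)


def system_resolver(host):
    # Real DNS lookup. getaddrinfo also normalises odd numeric spellings such as
    # a single decimal integer, so those cannot be used to sneak past the check.
    return [ipaddress.ip_address(info[4][0]) for info in socket.getaddrinfo(host, None)]


def check_datasource_url(url, resolver=system_resolver):
    """Return (True, [addresses]) if the URL may be fetched, else (False, reason).

    Callers should connect to one of the returned addresses rather than
    re-resolving the name, so a DNS answer cannot change between check and use.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname
    if not host:
        return False, "URL has no host"
    try:
        addresses = [ipaddress.ip_address(host)]   # literal IPv4 or bracketed IPv6
    except ValueError:
        try:
            addresses = resolver(host)
        except (socket.gaierror, OSError) as exc:
            return False, f"could not resolve {host}: {exc}"
    if not addresses:
        return False, f"{host} resolved to no addresses"
    for ip in addresses:
        if _is_blocked(ip):
            return False, f"{host} resolves to blocked address {ip}"
    return True, addresses


# Constructed lookup table standing in for DNS so the example runs offline.
FAKE_DNS = {
    "api.example.com": ["203.0.113.10"],
    "metadata.example.test": ["169.254.169.254"],  # attacker-controlled name pointing at IMDS
}


def fake_resolver(host):
    if host not in FAKE_DNS:
        raise socket.gaierror(f"unknown host {host}")
    return [ipaddress.ip_address(a) for a in FAKE_DNS[host]]


if __name__ == "__main__":
    for candidate in [
        "http://169.254.169.254/latest/meta-data/iam/security-credentials/",
        "http://[::ffff:169.254.169.254]/latest/meta-data/",
        "http://[fd00:ec2::254]/latest/meta-data/",
        "https://metadata.example.test/",
        "file:///etc/passwd",
        "https://api.example.com/v1/users",
    ]:
        ok, detail = check_datasource_url(candidate, fake_resolver)
        print(f"{'ALLOW' if ok else 'DENY '} {candidate}  ({detail})")
```

The resolved addresses are returned on purpose: the HTTP client should be pinned to one of them, otherwise a name that answers with a public address at check time and 169.254.169.254 a moment later still reaches the metadata service. Redirects need the same treatment, since a permitted host can 302 to a blocked one; either disable redirect following or run every hop through the check.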

CVSS V3.1

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Score: 8.5
Severity: HIGH
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Timeline

  • 4 November 2024: Vulnerability published