Information Disclosure in Appsmith Affects Workspace Data Access
CVE-2024-55604
4.8 MEDIUM
What is CVE-2024-55604?
An information disclosure vulnerability exists in Appsmith that allows users with the role of 'App Viewer' to access a list of datasources in a workspace they belong to. This oversight in permissions can enable unauthorized users to gather non-sensitive data about the workspace setup, undermining the expected access restrictions for viewers. As of version 1.51, this issue has been resolved, ensuring that app viewers will no longer have access to such information. Users are advised to update their instances of Appsmith to the latest version to safeguard against this vulnerability.
Affected Version(s)
appsmith < 1.51
CVSS V4
Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown
Timeline
Vulnerability published
Vulnerability Reserved
