Information Disclosure Vulnerability in Appsmith by Appsmith
CVE-2024-55965

6.5 MEDIUM

Key Information:

Vendor: Appsmith

Status
Vendor
CVE Published: 26 March 2025

What is CVE-2024-55965?

An issue in Appsmith gives users assigned the 'App Viewer' role unintended access to development information within their workspace. Specifically, these users can view the list of data sources associated with the workspace, which the role is not intended to expose. This does not compromise sensitive credentials or API keys, but it does highlight risks around user permissions and workspace confidentiality.

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
