AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials.
References
Link | Resource |
---|---|
https://github.com/appsmithorg/appsmith/pull/29286 | Issue Tracking |
https://github.com/appsmithorg/appsmith/releases/tag/v1.46 | Release Notes |
https://github.com/jahithoque/Vulnerability-Research/tree/main/CVE-2024-51408 | Exploit |
Configurations
History
06 Nov 2024, 22:06
Type | Values Removed | Values Added |
---|---|---|
First Time | Appsmith appsmith, Appsmith | |
CPE | cpe:2.3:a:appsmith:appsmith:*:*:*:*:*:*:*:* | |
References | () https://github.com/appsmithorg/appsmith/pull/29286 - Issue Tracking | |
References | () https://github.com/appsmithorg/appsmith/releases/tag/v1.46 - Release Notes | |
References | () https://github.com/jahithoque/Vulnerability-Research/tree/main/CVE-2024-51408 - Exploit | |
CVSS | v2 : v3 : | v2 : unknown, v3 : 6.5 |
05 Nov 2024, 22:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-918 | |
Summary | | |
04 Nov 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-11-04 14:15
Updated : 2024-11-06 22:06
NVD link : CVE-2024-51408
Mitre link : CVE-2024-51408
CVE.ORG link : CVE-2024-51408
Products Affected
appsmith
- appsmith
CWE
CWE-918
Server-Side Request Forgery (SSRF)