CVE-2024-51408

AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials.

Configurations

Configuration 1

cpe:2.3:a:appsmith:appsmith:*:*:*:*:*:*:*:*

History

06 Nov 2024, 22:06

Type | Values Removed | Values Added
First Time |  | Appsmith appsmith; Appsmith
CPE |  | cpe:2.3:a:appsmith:appsmith:*:*:*:*:*:*:*:*
References | () https://github.com/appsmithorg/appsmith/pull/29286 - | () https://github.com/appsmithorg/appsmith/pull/29286 - Issue Tracking
References | () https://github.com/appsmithorg/appsmith/releases/tag/v1.46 - | () https://github.com/appsmithorg/appsmith/releases/tag/v1.46 - Release Notes
References | () https://github.com/jahithoque/Vulnerability-Research/tree/main/CVE-2024-51408 - | () https://github.com/jahithoque/Vulnerability-Research/tree/main/CVE-2024-51408 - Exploit
CVSS | v2 : unknown; v3 : 8.5 | v2 : unknown; v3 : 6.5

05 Nov 2024, 22:35

Type | Values Removed | Values Added
CWE |  | CWE-918
Summary |  | (es) AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials.

04 Nov 2024, 14:15

Type | Values Removed | Values Added
New CVE |  |

Information

Published : 2024-11-04 14:15

Updated : 2024-11-06 22:06


NVD link : CVE-2024-51408

Mitre link : CVE-2024-51408

CVE.ORG link : CVE-2024-51408


Products Affected

appsmith

  • appsmith

CWE
CWE-918

Server-Side Request Forgery (SSRF)