CVE-2024-55965

Medium CVSS: 6.5

An issue was discovered in Appsmith before 1.51. Users invited as "App Viewer" incorrectly have access to development information of a workspace (specifically, a list of datasources in a workspace they're a member of). This information disclosure does not expose sensitive data in the datasources, such as database passwords and API Keys.

Vendor

Appsmith

Product

Appsmith

CWE

CWE-863

Yayın Tarihi

2025-03-26 21:15:23

Güncelleme

2025-07-08 17:35:30

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-863 Appsmith MEDIUM Appsmith 2025

Referanslar

https://github.com/appsmithorg/appsmith/security/advisories/GHSA-794x-gm8v-2wj6

Benzer Kayıtlar

Medium

CVE-2026-34411

Appsmith versions prior to 1.98 expose sensitive instance management API endpoints without authentication. Unauthenticat…

Critical

CVE-2026-30862

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.96, a Critical Stored XSS vulne…

Critical

CVE-2026-24042

Appsmith is a platform to build admin panels, internal tools, and dashboards. In versions 1.94 and below, publicly acces…

Critical

CVE-2026-22794

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.93, the server uses the Origin…

Medium

CVE-2024-55963

An issue was discovered in Appsmith before 1.51. A user on Appsmith that doesn't have admin permissions can trigger the…

Critical

CVE-2024-55964

An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in the Appsmith image lea…