Description

Appsmith is a platform to build admin panels, internal tools, and dashboards. Users invited as "App Viewer" should not have access to development information of a workspace. Datasources are such a component in a workspace. Yet, in versions of Appsmith prior to 1.51, app viewers are able to get a list of datasources in a workspace they're a member of. This information disclosure does NOT expose sensitive data in the datasources, such as database passwords and API Keys. The attacker needs to have been invited to a workspace as a "viewer", by someone in that workspace with access to invite. The attacker then needs to be able to signup/login to that Appsmith instance. The issue is patched in version 1.51. No known workarounds are available.

INFO

Published Date :

2025-03-25T14:15:05.339Z

Last Modified :

2025-03-25T14:44:39.532Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-55604 vulnerability.

Vendors Products
Appsmith
  • Appsmith
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-55604.

URL Resource
https://github.com/appsmithorg/appsmith/security/advisories/GHSA-794x-gm8v-2wj6 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact