Vulnerability Details CVE-2024-55604
Appsmith is a platform to build admin panels, internal tools, and dashboards. Users invited as "App Viewer" should not have access to development information of a workspace. Datasources are such a component in a workspace. Yet, in versions of Appsmith prior to 1.51, app viewers are able to get a list of datasources in a workspace they're a member of. This information disclosure does NOT expose sensitive data in the datasources, such as database passwords and API Keys. The attacker needs to have been invited to a workspace as a "viewer", by someone in that workspace with access to invite. The attacker then needs to be able to signup/login to that Appsmith instance. The issue is patched in version 1.51. No known workarounds are available.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 20.5%
CVSS Severity
CVSS v3 Score 4.3
Products affected by CVE-2024-55604
-
cpe:2.3:a:appsmith:appsmith:0.0.1.30
-
cpe:2.3:a:appsmith:appsmith:0.1.10
-
cpe:2.3:a:appsmith:appsmith:0.1.11
-
cpe:2.3:a:appsmith:appsmith:0.1.12
-
cpe:2.3:a:appsmith:appsmith:0.1.13
-
cpe:2.3:a:appsmith:appsmith:0.1.14
-
cpe:2.3:a:appsmith:appsmith:0.1.15
-
cpe:2.3:a:appsmith:appsmith:0.1.16
-
cpe:2.3:a:appsmith:appsmith:0.1.17
-
cpe:2.3:a:appsmith:appsmith:0.1.18
-
cpe:2.3:a:appsmith:appsmith:0.1.19
-
cpe:2.3:a:appsmith:appsmith:0.1.20
-
cpe:2.3:a:appsmith:appsmith:0.1.21
-
cpe:2.3:a:appsmith:appsmith:0.1.22
-
cpe:2.3:a:appsmith:appsmith:0.1.23
-
cpe:2.3:a:appsmith:appsmith:0.1.24
-
cpe:2.3:a:appsmith:appsmith:0.1.25
-
cpe:2.3:a:appsmith:appsmith:0.1.26
-
cpe:2.3:a:appsmith:appsmith:0.1.27
-
cpe:2.3:a:appsmith:appsmith:0.1.28
-
cpe:2.3:a:appsmith:appsmith:0.1.29
-
cpe:2.3:a:appsmith:appsmith:0.1.31
-
cpe:2.3:a:appsmith:appsmith:0.1.32
-
cpe:2.3:a:appsmith:appsmith:0.1.33
-
cpe:2.3:a:appsmith:appsmith:0.1.34
-
cpe:2.3:a:appsmith:appsmith:0.1.35
-
cpe:2.3:a:appsmith:appsmith:0.1.36
-
cpe:2.3:a:appsmith:appsmith:0.1.37
-
cpe:2.3:a:appsmith:appsmith:0.1.38
-
cpe:2.3:a:appsmith:appsmith:0.1.6.23
-
cpe:2.3:a:appsmith:appsmith:0.1.6.25
-
cpe:2.3:a:appsmith:appsmith:0.2
-
cpe:2.3:a:appsmith:appsmith:0.3
-
cpe:2.3:a:appsmith:appsmith:0.4
-
cpe:2.3:a:appsmith:appsmith:0.5
-
cpe:2.3:a:appsmith:appsmith:0.6
-
cpe:2.3:a:appsmith:appsmith:1.0
-
cpe:2.3:a:appsmith:appsmith:1.0.0
-
cpe:2.3:a:appsmith:appsmith:1.0.1
-
cpe:2.3:a:appsmith:appsmith:1.0.2
-
cpe:2.3:a:appsmith:appsmith:1.1
-
cpe:2.3:a:appsmith:appsmith:1.10
-
cpe:2.3:a:appsmith:appsmith:1.11
-
cpe:2.3:a:appsmith:appsmith:1.12
-
cpe:2.3:a:appsmith:appsmith:1.13
-
cpe:2.3:a:appsmith:appsmith:1.14
-
cpe:2.3:a:appsmith:appsmith:1.15
-
cpe:2.3:a:appsmith:appsmith:1.16
-
cpe:2.3:a:appsmith:appsmith:1.17
-
cpe:2.3:a:appsmith:appsmith:1.18
-
cpe:2.3:a:appsmith:appsmith:1.19
-
cpe:2.3:a:appsmith:appsmith:1.2
-
cpe:2.3:a:appsmith:appsmith:1.2.1
-
cpe:2.3:a:appsmith:appsmith:1.2.10
-
cpe:2.3:a:appsmith:appsmith:1.2.11
-
cpe:2.3:a:appsmith:appsmith:1.2.12
-
cpe:2.3:a:appsmith:appsmith:1.2.13
-
cpe:2.3:a:appsmith:appsmith:1.2.14
-
cpe:2.3:a:appsmith:appsmith:1.2.15
-
cpe:2.3:a:appsmith:appsmith:1.2.16
-
cpe:2.3:a:appsmith:appsmith:1.2.17
-
cpe:2.3:a:appsmith:appsmith:1.2.18
-
cpe:2.3:a:appsmith:appsmith:1.2.19
-
cpe:2.3:a:appsmith:appsmith:1.2.2
-
cpe:2.3:a:appsmith:appsmith:1.2.20
-
cpe:2.3:a:appsmith:appsmith:1.2.21
-
cpe:2.3:a:appsmith:appsmith:1.2.22
-
cpe:2.3:a:appsmith:appsmith:1.2.23
-
cpe:2.3:a:appsmith:appsmith:1.2.24
-
cpe:2.3:a:appsmith:appsmith:1.2.25
-
cpe:2.3:a:appsmith:appsmith:1.2.3
-
cpe:2.3:a:appsmith:appsmith:1.2.4
-
cpe:2.3:a:appsmith:appsmith:1.2.5
-
cpe:2.3:a:appsmith:appsmith:1.2.6
-
cpe:2.3:a:appsmith:appsmith:1.2.7
-
cpe:2.3:a:appsmith:appsmith:1.2.8
-
cpe:2.3:a:appsmith:appsmith:1.2.9
-
cpe:2.3:a:appsmith:appsmith:1.20
-
cpe:2.3:a:appsmith:appsmith:1.21
-
cpe:2.3:a:appsmith:appsmith:1.22.1
-
cpe:2.3:a:appsmith:appsmith:1.23
-
cpe:2.3:a:appsmith:appsmith:1.24
-
cpe:2.3:a:appsmith:appsmith:1.24.1
-
cpe:2.3:a:appsmith:appsmith:1.25
-
cpe:2.3:a:appsmith:appsmith:1.26
-
cpe:2.3:a:appsmith:appsmith:1.27
-
cpe:2.3:a:appsmith:appsmith:1.28
-
cpe:2.3:a:appsmith:appsmith:1.29
-
cpe:2.3:a:appsmith:appsmith:1.3
-
cpe:2.3:a:appsmith:appsmith:1.3.1
-
cpe:2.3:a:appsmith:appsmith:1.3.2
-
cpe:2.3:a:appsmith:appsmith:1.3.3
-
cpe:2.3:a:appsmith:appsmith:1.3.4
-
cpe:2.3:a:appsmith:appsmith:1.3.5
-
cpe:2.3:a:appsmith:appsmith:1.3.5.1
-
cpe:2.3:a:appsmith:appsmith:1.30
-
cpe:2.3:a:appsmith:appsmith:1.31
-
cpe:2.3:a:appsmith:appsmith:1.31.1
-
cpe:2.3:a:appsmith:appsmith:1.32
-
cpe:2.3:a:appsmith:appsmith:1.33
-
cpe:2.3:a:appsmith:appsmith:1.34
-
cpe:2.3:a:appsmith:appsmith:1.35
-
cpe:2.3:a:appsmith:appsmith:1.36
-
cpe:2.3:a:appsmith:appsmith:1.36.1
-
cpe:2.3:a:appsmith:appsmith:1.37
-
cpe:2.3:a:appsmith:appsmith:1.38
-
cpe:2.3:a:appsmith:appsmith:1.38.1
-
cpe:2.3:a:appsmith:appsmith:1.39
-
cpe:2.3:a:appsmith:appsmith:1.4
-
cpe:2.3:a:appsmith:appsmith:1.4.1
-
cpe:2.3:a:appsmith:appsmith:1.4.10
-
cpe:2.3:a:appsmith:appsmith:1.4.2
-
cpe:2.3:a:appsmith:appsmith:1.4.3
-
cpe:2.3:a:appsmith:appsmith:1.4.4
-
cpe:2.3:a:appsmith:appsmith:1.4.5
-
cpe:2.3:a:appsmith:appsmith:1.4.6
-
cpe:2.3:a:appsmith:appsmith:1.4.7
-
cpe:2.3:a:appsmith:appsmith:1.4.8
-
cpe:2.3:a:appsmith:appsmith:1.4.9
-
cpe:2.3:a:appsmith:appsmith:1.40
-
cpe:2.3:a:appsmith:appsmith:1.41
-
cpe:2.3:a:appsmith:appsmith:1.42
-
cpe:2.3:a:appsmith:appsmith:1.43
-
cpe:2.3:a:appsmith:appsmith:1.44
-
cpe:2.3:a:appsmith:appsmith:1.45
-
cpe:2.3:a:appsmith:appsmith:1.46
-
cpe:2.3:a:appsmith:appsmith:1.46.1
-
cpe:2.3:a:appsmith:appsmith:1.47
-
cpe:2.3:a:appsmith:appsmith:1.48
-
cpe:2.3:a:appsmith:appsmith:1.49
-
cpe:2.3:a:appsmith:appsmith:1.5
-
cpe:2.3:a:appsmith:appsmith:1.5.1
-
cpe:2.3:a:appsmith:appsmith:1.5.10
-
cpe:2.3:a:appsmith:appsmith:1.5.11
-
cpe:2.3:a:appsmith:appsmith:1.5.12
-
cpe:2.3:a:appsmith:appsmith:1.5.13
-
cpe:2.3:a:appsmith:appsmith:1.5.14
-
cpe:2.3:a:appsmith:appsmith:1.5.15
-
cpe:2.3:a:appsmith:appsmith:1.5.16
-
cpe:2.3:a:appsmith:appsmith:1.5.17
-
cpe:2.3:a:appsmith:appsmith:1.5.18
-
cpe:2.3:a:appsmith:appsmith:1.5.19
-
cpe:2.3:a:appsmith:appsmith:1.5.2
-
cpe:2.3:a:appsmith:appsmith:1.5.20
-
cpe:2.3:a:appsmith:appsmith:1.5.21
-
cpe:2.3:a:appsmith:appsmith:1.5.22
-
cpe:2.3:a:appsmith:appsmith:1.5.23
-
cpe:2.3:a:appsmith:appsmith:1.5.24
-
cpe:2.3:a:appsmith:appsmith:1.5.25
-
cpe:2.3:a:appsmith:appsmith:1.5.26
-
cpe:2.3:a:appsmith:appsmith:1.5.27
-
cpe:2.3:a:appsmith:appsmith:1.5.28
-
cpe:2.3:a:appsmith:appsmith:1.5.29
-
cpe:2.3:a:appsmith:appsmith:1.5.3
-
cpe:2.3:a:appsmith:appsmith:1.5.3.1
-
cpe:2.3:a:appsmith:appsmith:1.5.3.2
-
cpe:2.3:a:appsmith:appsmith:1.5.3.3
-
cpe:2.3:a:appsmith:appsmith:1.5.30
-
cpe:2.3:a:appsmith:appsmith:1.5.4
-
cpe:2.3:a:appsmith:appsmith:1.5.5
-
cpe:2.3:a:appsmith:appsmith:1.5.6
-
cpe:2.3:a:appsmith:appsmith:1.5.7
-
cpe:2.3:a:appsmith:appsmith:1.5.8
-
cpe:2.3:a:appsmith:appsmith:1.5.9
-
cpe:2.3:a:appsmith:appsmith:1.50
-
cpe:2.3:a:appsmith:appsmith:1.6.0
-
cpe:2.3:a:appsmith:appsmith:1.6.1
-
cpe:2.3:a:appsmith:appsmith:1.6.10
-
cpe:2.3:a:appsmith:appsmith:1.6.11
-
cpe:2.3:a:appsmith:appsmith:1.6.12
-
cpe:2.3:a:appsmith:appsmith:1.6.13
-
cpe:2.3:a:appsmith:appsmith:1.6.14
-
cpe:2.3:a:appsmith:appsmith:1.6.15
-
cpe:2.3:a:appsmith:appsmith:1.6.16
-
cpe:2.3:a:appsmith:appsmith:1.6.17
-
cpe:2.3:a:appsmith:appsmith:1.6.18
-
cpe:2.3:a:appsmith:appsmith:1.6.19
-
cpe:2.3:a:appsmith:appsmith:1.6.2
-
cpe:2.3:a:appsmith:appsmith:1.6.20
-
cpe:2.3:a:appsmith:appsmith:1.6.21
-
cpe:2.3:a:appsmith:appsmith:1.6.22
-
cpe:2.3:a:appsmith:appsmith:1.6.3
-
cpe:2.3:a:appsmith:appsmith:1.6.4
-
cpe:2.3:a:appsmith:appsmith:1.6.5
-
cpe:2.3:a:appsmith:appsmith:1.6.6
-
cpe:2.3:a:appsmith:appsmith:1.6.7
-
cpe:2.3:a:appsmith:appsmith:1.6.8
-
cpe:2.3:a:appsmith:appsmith:1.6.9
-
cpe:2.3:a:appsmith:appsmith:1.7.0
-
cpe:2.3:a:appsmith:appsmith:1.7.1
-
cpe:2.3:a:appsmith:appsmith:1.7.10
-
cpe:2.3:a:appsmith:appsmith:1.7.11
-
cpe:2.3:a:appsmith:appsmith:1.7.12
-
cpe:2.3:a:appsmith:appsmith:1.7.13
-
cpe:2.3:a:appsmith:appsmith:1.7.14
-
cpe:2.3:a:appsmith:appsmith:1.7.2
-
cpe:2.3:a:appsmith:appsmith:1.7.3
-
cpe:2.3:a:appsmith:appsmith:1.7.4
-
cpe:2.3:a:appsmith:appsmith:1.7.5
-
cpe:2.3:a:appsmith:appsmith:1.7.6
-
cpe:2.3:a:appsmith:appsmith:1.7.7
-
cpe:2.3:a:appsmith:appsmith:1.7.8
-
cpe:2.3:a:appsmith:appsmith:1.7.9
-
cpe:2.3:a:appsmith:appsmith:1.8.0
-
cpe:2.3:a:appsmith:appsmith:1.8.1
-
cpe:2.3:a:appsmith:appsmith:1.8.10
-
cpe:2.3:a:appsmith:appsmith:1.8.11
-
cpe:2.3:a:appsmith:appsmith:1.8.12
-
cpe:2.3:a:appsmith:appsmith:1.8.13
-
cpe:2.3:a:appsmith:appsmith:1.8.14
-
cpe:2.3:a:appsmith:appsmith:1.8.14.1
-
cpe:2.3:a:appsmith:appsmith:1.8.15
-
cpe:2.3:a:appsmith:appsmith:1.8.2
-
cpe:2.3:a:appsmith:appsmith:1.8.3
-
cpe:2.3:a:appsmith:appsmith:1.8.4
-
cpe:2.3:a:appsmith:appsmith:1.8.5
-
cpe:2.3:a:appsmith:appsmith:1.8.6
-
cpe:2.3:a:appsmith:appsmith:1.8.7
-
cpe:2.3:a:appsmith:appsmith:1.8.8
-
cpe:2.3:a:appsmith:appsmith:1.8.9
-
cpe:2.3:a:appsmith:appsmith:1.9.0
-
cpe:2.3:a:appsmith:appsmith:1.9.1
-
cpe:2.3:a:appsmith:appsmith:1.9.10
-
cpe:2.3:a:appsmith:appsmith:1.9.11
-
cpe:2.3:a:appsmith:appsmith:1.9.12
-
cpe:2.3:a:appsmith:appsmith:1.9.13
-
cpe:2.3:a:appsmith:appsmith:1.9.14
-
cpe:2.3:a:appsmith:appsmith:1.9.15
-
cpe:2.3:a:appsmith:appsmith:1.9.16
-
cpe:2.3:a:appsmith:appsmith:1.9.17
-
cpe:2.3:a:appsmith:appsmith:1.9.18
-
cpe:2.3:a:appsmith:appsmith:1.9.19
-
cpe:2.3:a:appsmith:appsmith:1.9.2
-
cpe:2.3:a:appsmith:appsmith:1.9.20
-
cpe:2.3:a:appsmith:appsmith:1.9.20.2
-
cpe:2.3:a:appsmith:appsmith:1.9.20.3
-
cpe:2.3:a:appsmith:appsmith:1.9.20.4
-
cpe:2.3:a:appsmith:appsmith:1.9.21
-
cpe:2.3:a:appsmith:appsmith:1.9.22
-
cpe:2.3:a:appsmith:appsmith:1.9.23
-
cpe:2.3:a:appsmith:appsmith:1.9.24
-
cpe:2.3:a:appsmith:appsmith:1.9.25
-
cpe:2.3:a:appsmith:appsmith:1.9.26
-
cpe:2.3:a:appsmith:appsmith:1.9.27
-
cpe:2.3:a:appsmith:appsmith:1.9.28
-
cpe:2.3:a:appsmith:appsmith:1.9.29
-
cpe:2.3:a:appsmith:appsmith:1.9.3
-
cpe:2.3:a:appsmith:appsmith:1.9.3.1
-
cpe:2.3:a:appsmith:appsmith:1.9.30
-
cpe:2.3:a:appsmith:appsmith:1.9.31
-
cpe:2.3:a:appsmith:appsmith:1.9.32
-
cpe:2.3:a:appsmith:appsmith:1.9.33
-
cpe:2.3:a:appsmith:appsmith:1.9.34
-
cpe:2.3:a:appsmith:appsmith:1.9.35
-
cpe:2.3:a:appsmith:appsmith:1.9.36
-
cpe:2.3:a:appsmith:appsmith:1.9.37
-
cpe:2.3:a:appsmith:appsmith:1.9.37.1
-
cpe:2.3:a:appsmith:appsmith:1.9.38
-
cpe:2.3:a:appsmith:appsmith:1.9.39
-
cpe:2.3:a:appsmith:appsmith:1.9.4
-
cpe:2.3:a:appsmith:appsmith:1.9.40
-
cpe:2.3:a:appsmith:appsmith:1.9.41
-
cpe:2.3:a:appsmith:appsmith:1.9.42
-
cpe:2.3:a:appsmith:appsmith:1.9.43
-
cpe:2.3:a:appsmith:appsmith:1.9.44
-
cpe:2.3:a:appsmith:appsmith:1.9.45
-
cpe:2.3:a:appsmith:appsmith:1.9.46
-
cpe:2.3:a:appsmith:appsmith:1.9.47
-
cpe:2.3:a:appsmith:appsmith:1.9.48
-
cpe:2.3:a:appsmith:appsmith:1.9.49
-
cpe:2.3:a:appsmith:appsmith:1.9.5
-
cpe:2.3:a:appsmith:appsmith:1.9.50
-
cpe:2.3:a:appsmith:appsmith:1.9.51
-
cpe:2.3:a:appsmith:appsmith:1.9.52
-
cpe:2.3:a:appsmith:appsmith:1.9.53
-
cpe:2.3:a:appsmith:appsmith:1.9.54
-
cpe:2.3:a:appsmith:appsmith:1.9.55
-
cpe:2.3:a:appsmith:appsmith:1.9.56
-
cpe:2.3:a:appsmith:appsmith:1.9.57
-
cpe:2.3:a:appsmith:appsmith:1.9.58
-
cpe:2.3:a:appsmith:appsmith:1.9.6
-
cpe:2.3:a:appsmith:appsmith:1.9.60
-
cpe:2.3:a:appsmith:appsmith:1.9.61
-
cpe:2.3:a:appsmith:appsmith:1.9.7
-
cpe:2.3:a:appsmith:appsmith:1.9.8
-
cpe:2.3:a:appsmith:appsmith:1.9.9