How severe is CVE-2024-55604?

This vulnerability has a severity rating of MEDIUM with a CVSS score of N/A out of 10.

What type of vulnerability is CVE-2024-55604?

This is classified as CWE-280, which is a common weakness in software security.

CVE-2024-55604 - MEDIUM Severity | CVSS N/A

Vulnerability Description

Appsmith is a platform to build admin panels, internal tools, and dashboards. Users invited as "App Viewer" should not have access to development information of a workspace. Datasources are such a component in a workspace. Yet, in versions of Appsmith prior to 1.51, app viewers are able to get a list of datasources in a workspace they're a member of. This information disclosure does NOT expose sensitive data in the datasources, such as database passwords and API Keys. The attacker needs to have been invited to a workspace as a "viewer", by someone in that workspace with access to invite. The attacker then needs to be able to signup/login to that Appsmith instance. The issue is patched in version 1.51. No known workarounds are available.

Related Vulnerabilities

CVE-2024-46874

CRITICAL

CVSS:9.9(Critical)

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow MQTT clients connecting with device credentials to send messages to some topics. Attackers with device credentials could is...

CWE-2802024

CVE-2024-24116

CRITICAL

CVSS:9.8(Critical)

An issue in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release(9736) allows a remote attacker to gain privileges via the system/config_menu.htm.

CWE-2802024

CVE-2024-7314

CRITICAL

CVSS:9.8(Critical)

anji-plus AJ-Report is affected by an authentication bypass vulnerability. A remote and unauthenticated attacker can append ";swagger-ui" to HTTP requests to bypass authentication and execute arbitrar...

CWE-2802024

CVE-2019-6570

HIGH

CVSS:8.8(High)

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Due to insufficient checking of user permissions, an attacker may access URLs that require special authorizat...

CWE-2802019

CVE-2022-2193

HIGH

CVSS:8.8(High)

Insecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1 allows remote authenticated attackers to add a FIDO2 authenticator to arbitrary accounts via parameter tampering in ...

CWE-2802022

CVE-2024-22078

HIGH

CVSS:8.8(High)

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Privilege escalation can occur via world writable files. The network configuration script has weak filesystem ...

CWE-2802024