Description
An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. The attacker must be able to access Appsmith, log in to it, create a datasource, create a query against that datasource, and execute that query.
References
- Vendor Advisory
Vulnerable configurations
Configuration 1: Versions before 1.52 (exclusive)
cpe:2.3:a:appsmith:appsmith:*:*:*:*:*:*:*:*
EPSS
Percentile: 99%
0.67337
Medium
9.8 Critical
CVSS3
Weaknesses
CWE-94