Описание
An issue was discovered in Appsmith before 1.51. Users invited as "App Viewer" incorrectly have access to development information of a workspace (specifically, a list of datasources in a workspace they're a member of). This information disclosure does not expose sensitive data in the datasources, such as database passwords and API Keys.
Ссылки
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.51 (исключая)
cpe:2.3:a:appsmith:appsmith:*:*:*:*:*:*:*:*
EPSS
Процентиль: 40%
0.00184
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-863
Связанные уязвимости
CVSS3: 6.5
github
11 месяцев назад
An issue was discovered in Appsmith before 1.51. Users invited as "App Viewer" incorrectly have access to development information of a workspace (specifically, a list of datasources in a workspace they're a member of). This information disclosure does not expose sensitive data in the datasources, such as database passwords and API Keys.
EPSS
Процентиль: 40%
0.00184
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-863