CVE-2024-51408

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Nov 4, 2024
Updated: Nov 6, 2024
CWE ID 918

Summary

CVE-2024-51408 is a newly disclosed vulnerability affecting AppSmith Community version 1.8.3 and older. This issue permits Server Side Request Forgery (SSRF) attacks, allowing malicious actors to make unauthorized requests to AWS metadata servers using application/json requests with a new DataSource. The vulnerability exposes potential AWS metadata credentials, posing a significant security risk. This flaw can be exploited by an attacker to gain unauthorized access to sensitive information or perform unauthorized actions on AWS resources. Organizations using the affected version of AppSmith Community are advised to update as soon as possible to mitigate this vulnerability.
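As a defensive illustration of the SSRF class described above, the sketch below vets a user-supplied DataSource URL by the addresses it resolves to, rejecting link-local, loopback and private targets such as the metadata address 169.254.169.254. It is an added example, not AppSmith's code or its fix; the function names, the stub resolver and its host table are hypothetical and constructed for the example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

def is_internal(addr: str) -> bool:
    """True for loopback, link-local (169.254.0.0/16), private and similar ranges."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:169.254.169.254 is still the metadata IP
    return (ip.is_link_local or ip.is_loopback or ip.is_private
            or ip.is_unspecified or ip.is_multicast or ip.is_reserved)

def system_resolver(host: str, port: int) -> list:
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def check_datasource_url(url: str, resolver=system_resolver):
    """Return (allowed, reason, pinned_ips); the caller connects only to pinned_ips."""
    try:
        parts = urlsplit(url)
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError:
        return False, "malformed URL", []
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False, "scheme or host not allowed", []
    try:
        addrs = [str(ipaddress.ip_address(parts.hostname))]
    except ValueError:
        # Not a canonical IP literal: a name, or an alternate spelling such as
        # a bare decimal integer. Judge what it resolves to, not the string.
        try:
            addrs = resolver(parts.hostname, port)
        except OSError:
            return False, "host does not resolve", []
    if not addrs:
        return False, "host does not resolve", []
    blocked = [a for a in addrs if is_internal(a)]
    if blocked:
        return False, "resolves to internal address " + blocked[0], []
    return True, "ok", addrs

# Constructed stub resolver so the example runs offline (not real DNS data).
def stub_resolver(host: str, port: int) -> list:
    table = {"api.partner.test": ["93.184.216.34"],
             "mixed.example.test": ["93.184.216.34", "169.254.169.254"]}
    # Fall back to inet_aton parsing, as a system resolver does for "2852039166".
    return table.get(host) or [socket.inet_ntoa(socket.inet_aton(host))]
```

The outbound request should be made to one of the returned `pinned_ips` rather than re-resolving the hostname, so the address that was checked is the address that is contacted.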
