CVE-2024-51408
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2024-51408 is a newly disclosed vulnerability affecting AppSmith Community version 1.8.3 and older. It permits Server-Side Request Forgery (SSRF): an attacker can use application/json requests with a new DataSource to make unauthorized requests to AWS metadata servers. This can expose AWS metadata credentials, which an attacker could use to gain unauthorized access to sensitive information or perform unauthorized actions on AWS resources. Organizations using the affected version of AppSmith Community are advised to update as soon as possible to mitigate this vulnerability.
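For teams that cannot update immediately, one compensating control is to validate datasource destinations on the server before any request is sent. The sketch below is an added example, not AppSmith's code or its fix; `check_datasource_url`, `default_resolver` and the blocked-network list are hypothetical names and choices made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Networks a server-side datasource connector should not reach for a user.
# 169.254.0.0/16 is link-local and contains the AWS instance metadata
# address 169.254.169.254; fc00::/7 contains its IPv6 counterpart.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7",
)]

def default_resolver(host):
    """Resolve a hostname to every address it maps to (needs DNS)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})

def check_datasource_url(url, resolver=default_resolver):
    """Return (allowed, reason) for a user-supplied datasource URL."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    host = parts.hostname
    if not host:
        return False, "no host"
    try:
        addrs = [str(ipaddress.ip_address(host))]  # host is a literal IP
    except ValueError:
        try:
            addrs = resolver(host)                 # host is a name
        except OSError:
            return False, "host does not resolve"
    for addr in addrs:
        ip = ipaddress.ip_address(addr.split("%")[0])  # drop any scope id
        if ip.version == 6 and ip.ipv4_mapped:
            ip = ip.ipv4_mapped  # judge ::ffff:a.b.c.d by its IPv4 address
        if any(ip in net for net in BLOCKED_NETS):
            return False, f"{ip} is internal"
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample inputs; literal addresses only, so this runs offline.
    for sample in ("http://169.254.169.254/", "http://[::1]:8080/",
                   "https://93.184.216.34/api"):
        print(sample, check_datasource_url(sample))
```

The check only holds if the HTTP client then connects to the address that was validated and re-runs the check on every redirect; otherwise a name that resolves differently on the second lookup passes validation and still reaches the metadata service.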