CVE-2024-55963

EPSS 24.26%
Veröffentlicht 26.03.2025 20:15:21
Zuletzt bearbeitet 01.04.2025 16:34:41
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in Appsmith before 1.51. A user on Appsmith that doesn't have admin permissions can trigger the restart API on Appsmith, causing a server restart. This is still within the Appsmith container, and the impact is limited to Appsmith's own server only, but there is a denial of service because it can be continually restarted. This is due to incorrect access control checks, which should check for super user permissions on the incoming request.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Appsmith ≫ Appsmith Version < 1.51

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	24.26%	0.959

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://github.com/appsmithorg/appsmith/security/advisories/GHSA-6mc8-hw5c-7qqr

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-55963

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-55963

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-55963

EUVD