Appsmith v1.7.11 was discovered to allow authenticated attackers to perform Server-Side Request Forgery (SSRF) by redirecting incoming requests to the AWS internal metadata endpoint.
References
| Link | Resource |
|---|---|
| https://github.com/appsmithorg/appsmith/pull/15782 | Issue Tracking, Patch, Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-09-12T21:49:54
Updated: 2022-09-12T21:49:54
Reserved: 2022-08-15T00:00:00
Link: CVE-2022-38298
NVD Information
Status: Analyzed
Published: 2022-09-12T22:15:08.650
Modified: 2022-09-15T04:15:50.547
Link: CVE-2022-38298
Redhat Information
No data.
CWE