Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Appsmith < 1.98 Unauthenticated Instance Configuration Disclosure via Management APIs
Vulnerability Description
Appsmith versions prior to 1.98 expose sensitive instance management API endpoints without authentication. Unauthenticated attackers can query endpoints like /api/v1/consolidated-api/view and /api/v1/tenants/current to retrieve configuration metadata, license information, and unsalted SHA-256 hashes of admin email domains for reconnaissance and targeted attack planning.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
关键功能的认证机制缺失
Vulnerability Title
Appsmith 访问控制错误漏洞
Vulnerability Description
Appsmith是Appsmith开源的一个用于构建、部署和维护内部应用程序的开源平台。 Appsmith 1.98之前版本存在访问控制错误漏洞,该漏洞源于未经验证的实例管理API端点暴露,可能导致配置元数据、许可证信息和哈希值泄露。
CVSS Information
N/A
Vulnerability Type
N/A