Appsmith Information Disclosure Vulnerability for App Viewers

Vulnerability

A vulnerability in Appsmith versions through 1.50 allows users with the 'App Viewer' role to access a list of datasources in their workspace. This access violates the intended permissions for viewers, who should not have visibility into development components. While the vulnerability does not expose sensitive information such as database passwords or API keys, it still represents an unauthorized access issue. To exploit this vulnerability, a user must be invited to a workspace as a viewer and have the ability to sign up or log in to the Appsmith instance.

Impact

Exploitation of this vulnerability leads to unauthorized information disclosure, allowing viewers to access datasource lists in their workspaces.

Remediation

Users can upgrade to Appsmith version 1.51 or later to address this vulnerability. No additional workarounds are available.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 5.0
impact: 2.5
exploitability: 5.0
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.