Appsmith Information Disclosure Vulnerability for App Viewers

Vulnerability

A vulnerability exists in Appsmith versions through 1.50 that allows users with the 'App Viewer' role to access development information, specifically the list of datasources, within workspaces they belong to. The exposed information does not include sensitive data such as database passwords or API keys. The issue arises from improper access controls: viewers are permitted to query datasource information that should be restricted.

Impact

Exploitation of this vulnerability gives unauthorized access to datasource information within a workspace, although no sensitive data is exposed.

Remediation

Users can upgrade to Appsmith version 1.51 or later to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 5.0
impact: 0.6
exploitability: 5.2
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.