CVE-2024-55965
📋 TL;DR
Appsmith versions before 1.51 have an incorrect access control vulnerability where users with 'App Viewer' permissions can view development information (specifically datasource lists) in workspaces they belong to. This affects all Appsmith deployments with multiple user roles where 'App Viewer' users have been invited to workspaces. While sensitive credentials aren't exposed, this reveals internal application architecture details.
💻 Affected Systems
- Appsmith
📦 What is this software?
Appsmith by Appsmith
⚠️ Risk & Real-World Impact
Worst Case
Attackers with App Viewer access could map internal application architecture, identify potential attack surfaces, and use this information to plan further attacks against exposed datasources or APIs.
Likely Case
Internal users with limited permissions gain visibility into development resources they shouldn't see, potentially learning about internal systems and data flows they're not authorized to know.
If Mitigated
With proper network segmentation and access controls, the impact is limited to information disclosure about datasource names/types without exposing actual credentials or data.
🎯 Exploit Status
Exploitation requires authenticated access as an App Viewer user, then simply navigating to workspace areas that should be restricted.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.51 and later
Vendor Advisory: https://github.com/appsmithorg/appsmith/security/advisories/GHSA-794x-gm8v-2wj6
Restart Required: Yes
Instructions:
1. Back up your Appsmith instance.
2. Update to Appsmith version 1.51 or later using your deployment method (Docker, Kubernetes, etc.).
3. Restart the Appsmith service/container.
4. Verify the fix by testing App Viewer permissions.
🔧 Temporary Workarounds
Restrict App Viewer Workspace Access
Remove App Viewer users from workspaces containing sensitive development information until patching is complete.
Use Appsmith admin interface to modify user workspace permissions
🧯 If You Can't Patch
- Review and minimize App Viewer user assignments to workspaces
- Implement network-level restrictions to limit App Viewer access to production environments only
🔍 How to Verify
Check if Vulnerable:
1. Log in as an App Viewer user.
2. Navigate to a workspace you have access to.
3. Check if you can view datasource lists in development areas. If visible, you're vulnerable.
Check Version:
docker exec <container_name> cat /opt/appsmith/rts/version.txt
(or read the version shown in the Appsmith admin panel)
Verify Fix Applied:
After updating to 1.51+, repeat the vulnerability check steps above. App Viewer users should no longer see datasource lists in workspace development areas.
📡 Detection & Monitoring
Log Indicators:
- Unusual access patterns from App Viewer accounts to development endpoints
- Multiple failed permission checks followed by successful datasource list requests
Network Indicators:
- App Viewer role accounts accessing /api/v1/datasources endpoints they shouldn't have permissions for
SIEM Query:
source="appsmith" AND (user_role="app_viewer" OR user_role="viewer") AND (url_path="/api/v1/datasources" OR url_path="/api/v1/workspaces/*/datasources")
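The SIEM query above expressed as standalone detection logic, as an added example that is not part of this advisory or of Appsmith itself. It assumes a constructed key=value access-log line format (Appsmith's real log format will differ and the regex must be adapted), and flags successful (2xx) datasource-list requests by viewer-role accounts, including the wildcard workspace path from the query.

```python
import re
from fnmatch import fnmatchcase

# Role names and URL paths mirror the SIEM query in this advisory.
VIEWER_ROLES = {"app_viewer", "viewer"}
DATASOURCE_PATHS = ("/api/v1/datasources", "/api/v1/workspaces/*/datasources")

# Assumed log line shape (constructed for this example, not Appsmith's real format):
#   <timestamp> user=<email> role=<role> method=<verb> path=<url> status=<code>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) role=(?P<role>\S+) "
    r"method=(?P<method>\S+) path=(?P<path>\S+) status=(?P<status>\d{3})$"
)

def is_datasource_path(path: str) -> bool:
    """True if the request path is one the advisory's query flags (wildcard aware)."""
    path = path.split("?", 1)[0]            # ignore the query string when matching
    return any(fnmatchcase(path, pat) for pat in DATASOURCE_PATHS)

def find_viewer_datasource_access(lines):
    """Return (timestamp, user, path) for successful datasource reads by viewer roles.

    A 2xx status is required: a 403 means the permission check held and the
    list was not returned, so it is not a disclosure event.
    """
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue                        # skip lines not in the assumed format
        if m["role"].lower() not in VIEWER_ROLES:
            continue
        if not is_datasource_path(m["path"]):
            continue
        if m["status"].startswith("2"):
            hits.append((m["ts"], m["user"], m["path"]))
    return hits

# Constructed sample log: one developer read, two viewer reads that succeeded,
# one viewer read of an unrelated endpoint, and one viewer read that was denied.
SAMPLE_LOG = """\
2024-12-01T10:00:01Z user=dev@example.com role=developer method=GET path=/api/v1/datasources status=200
2024-12-01T10:00:05Z user=viewer@example.com role=app_viewer method=GET path=/api/v1/datasources?workspaceId=ws1 status=200
2024-12-01T10:00:07Z user=viewer@example.com role=app_viewer method=GET path=/api/v1/workspaces/ws1/datasources status=200
2024-12-01T10:00:09Z user=viewer@example.com role=app_viewer method=GET path=/api/v1/applications status=200
2024-12-01T10:00:12Z user=viewer2@example.com role=viewer method=GET path=/api/v1/datasources status=403
""".splitlines()

if __name__ == "__main__":
    for ts, user, path in find_viewer_datasource_access(SAMPLE_LOG):
        print(f"{ts} viewer-role datasource read: {user} -> {path}")
```

On a patched instance these requests should come back as 403 for App Viewer accounts, so any 2xx hit after upgrading to 1.51 warrants a look at the role assignment.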