CVE-2024-55964

{"id": "CVE-2024-55964", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-03-26T20:15:21.373", "references": [{"url": "https://github.com/appsmithorg/appsmith/security/advisories/GHSA-m95x-4w54-gc83", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. The attacker must be able to access Appsmith, login to it, create a datasource, create a query against that datasource, and execute that query."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Appsmith antes de la versi\u00f3n 1.52. Una instancia de PostgreSQL configurada incorrectamente en la imagen de Appsmith provoca la ejecuci\u00f3n remota de comandos dentro del contenedor Docker de Appsmith. El atacante debe poder acceder a Appsmith, iniciar sesi\u00f3n, crear una fuente de datos, crear una consulta en dicha fuente y ejecutarla."}], "lastModified": "2025-04-01T16:34:34.710", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:appsmith:appsmith:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A125C70-3942-4815-9376-0D1B6BA2BE9E", "versionEndExcluding": "1.52"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}