{"vulnerability": "cve-2024-55604", "sightings": [{"uuid": "e4581119-79f6-4a27-834c-0fa3cb934c75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-55604", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8662", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-55604\n\ud83d\udd25 CVSS Score: 4.8 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: Appsmith is a platform to build admin panels, internal tools, and dashboards. Users invited as \"App Viewer\" should not have access to development information of a workspace. Datasources are such a component in a workspace. Yet, in versions of Appsmith prior to 1.51, app viewers are able to get a list of datasources in a workspace they're a member of. This information disclosure does NOT expose sensitive data in the datasources, such as database passwords and API Keys. The attacker needs to have been invited to a workspace as a \"viewer\", by someone in that workspace with access to invite. The attacker then needs to be able to signup/login to that Appsmith instance. The issue is patched in version 1.51. No known workarounds are available.\n\ud83d\udccf Published: 2025-03-25T14:15:05.339Z\n\ud83d\udccf Modified: 2025-03-25T14:15:05.339Z\n\ud83d\udd17 References:\n1. https://github.com/appsmithorg/appsmith/security/advisories/GHSA-794x-gm8v-2wj6", "creation_timestamp": "2025-03-25T14:24:13.000000Z"}, {"uuid": "aff14f95-9212-43c9-8477-bf89c5747382", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-55604", "type": "seen", "source": "https://t.me/cvedetector/21107", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-55604 - Appsmith Information Disclosure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-55604 \nPublished : March 25, 2025, 3:15 p.m. | 46\u00a0minutes ago \nDescription : Appsmith is a platform to build admin panels, internal tools, and dashboards. Users invited as \"App Viewer\" should not have access to development information of a workspace. Datasources are such a component in a workspace. Yet, in versions of Appsmith prior to 1.51, app viewers are able to get a list of datasources in a workspace they're a member of. This information disclosure does NOT expose sensitive data in the datasources, such as database passwords and API Keys. The attacker needs to have been invited to a workspace as a \"viewer\", by someone in that workspace with access to invite. The attacker then needs to be able to signup/login to that Appsmith instance. The issue is patched in version 1.51. No known workarounds are available. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-25T17:49:15.000000Z"}]}