Appsmith: unauthenticated RCE and denial of service via Restart API (CVE-2024-55963) #shorts

Summary

Welcome to today's podcast, where we delve into a significant security concern identified as CVE-2024-55963. This newly discovered vulnerability affects Appsmith, a platform for building workflow and CRUD-type applications, and it poses a threat because of its potential for unauthenticated remote code execution and denial of service attacks.

Product details

Appsmith, the product impacted by this vulnerability, is widely used for its simplicity and flexibility in creating internal apps without extensive coding. However, versions up to 1.50 are susceptible to exploitation, turning what is typically a secure environment into a potential liability.

Vulnerability type summary

The identified vulnerability, CVE-2024-55963, consists of two components. First, there is an unauthenticated remote code execution (RCE) vulnerability that could allow attackers to execute arbitrary code within the Appsmith environment. Second, incorrect access control checks in the API allow non-admin users to trigger server restarts, leading to a denial of service (DoS) condition. Together, these issues can wreak havoc on the infrastructure by allowing unauthorized access and service disruptions.

Details of the vulnerability

This CVE was brought to light by security researchers at Rhino Security Labs, who identified the serious flaws in version 1.50 and earlier of Appsmith. An attacker can exploit these vulnerabilities through Appsmith's default installation settings, which do not require administrative privileges to access certain API endpoints. This oversight permits continuous server restarts through the Restart API, and potentially remote code execution without authentication, jeopardizing both service availability and system security.
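The flaw described above, and in the CVE record below, is a missing super-user check on a privileged action. The following is an added example, not Appsmith's code: it models the restart handler before and after that check, and runs a small detector over constructed access-log lines to flag the restart storms that turn the missing check into a DoS. The endpoint path, the permission name and the log format are assumptions for illustration.

```python
# Added example, not Appsmith's code: the access-control defect behind
# CVE-2024-55963 next to the check the CVE text calls for, plus a log check
# that flags restart storms. Path, permission name and log format are assumed.
from collections import defaultdict
import re

RESTART_PATH = "/api/v1/restart"       # assumed placeholder path
SUPERUSER_PERM = "manage:instance"     # assumed permission name

def restart_vulnerable(user: dict) -> int:
    """Before: any signed-in user may restart the server (the CVE)."""
    return 401 if not user.get("authenticated") else 202

def restart_fixed(user: dict) -> int:
    """After: a restart additionally requires the super-user permission."""
    if not user.get("authenticated"):
        return 401
    if SUPERUSER_PERM not in user.get("permissions", ()):
        return 403
    return 202

# Constructed access-log lines: "<epoch> <user> <method> <path> <status>"
SAMPLE_LOG = """\
1711411200 alice POST /api/v1/restart 202
1711411230 alice POST /api/v1/restart 202
1711411260 alice POST /api/v1/restart 202
1711411290 bob GET /api/v1/users/me 200
1711415000 alice POST /api/v1/restart 202
"""
LINE_RE = re.compile(r"^(\d+) (\S+) (\S+) (\S+) (\d{3})$")

def restart_storms(log: str, window: int = 300, threshold: int = 3) -> dict:
    """Map user -> largest number of accepted restart calls that fall inside
    any `window`-second span, for users reaching `threshold` (DoS indicator)."""
    times = defaultdict(list)
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(4) == RESTART_PATH and m.group(5).startswith("2"):
            times[m.group(2)].append(int(m.group(1)))
    flagged = {}
    for user, ts in times.items():
        ts.sort()
        j = 0
        for i in range(len(ts)):           # sliding window over sorted times
            while j + 1 < len(ts) and ts[j + 1] - ts[i] <= window:
                j += 1
            if j - i + 1 >= threshold:
                flagged[user] = max(flagged.get(user, 0), j - i + 1)
    return flagged
```

With the sample log, alice's three accepted restarts within five minutes are flagged, while her isolated later call and bob's unrelated request are not.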

Conclusion

In closing, CVE-2024-55963 underscores the importance of robust security measures and regular software updates. Users of Appsmith, especially versions up to 1.50, should upgrade to version 1.51 or later to mitigate these risks. Vigilance and proactive updates are crucial to ensuring application integrity and preventing unauthorized exploitation of software vulnerabilities.

Watch the full video on YouTube: CVE-2024-55963

CVE database technical details

CVE ID: CVE-2024-55963

Description: An issue was discovered in Appsmith before 1.51. A user on Appsmith that doesn't have admin permissions can trigger the restart API on Appsmith, causing a server restart. This is still within the Appsmith container, and the impact is limited to Appsmith's own server only, but there is a denial of service because it can be continually restarted. This is due to incorrect access control checks, which should check for super user permissions on the incoming request.

Provider: mitre

CWE / problem types: n/a

Affected Software Versions: n/a (the record lists vendor, product and version as n/a, status affected)

Date Published: 2025-03-26T00:00:00.000Z

Last Updated: 2025-03-27T13:36:32.205Z