CVE-2022-38298

Name of the Vulnerable Software and Affected Versions Appsmith version 1.7.11

Description The issue allows attackers to execute an authenticated Server-Side Request Forgery (SSRF) via redirecting incoming requests to the AWS internal metadata endpoint. This is achieved by exploiting a vulnerability in the Appsmith application.

Recommendations For Appsmith version 1.7.11, consider restricting access to the AWS internal metadata endpoint as a temporary workaround until a patch is available. Avoid using the vulnerable endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.