PT-2023-22085 · Budibase · Budibase

Votr123 · Published 2023-04-06 · Updated 2023-04-14 · CVE-2023-29010

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Budibase versions prior to 2.4.3

Description

Budibase is a low code platform for creating internal tools, workflows, and admin panels. The issue can lead to an attacker gaining access to a Budibase AWS secret key due to Server-Side Request Forgery. Self-host users who run Budibase on the public internet and are using a cloud provider that allows HTTP access to metadata information should ensure that when they deploy Budibase live, their internal metadata endpoint is not exposed.

Recommendations

For versions prior to 2.4.3, update to version 2.4.3 or later to resolve the issue. As a temporary workaround, self-host users should ensure their internal metadata endpoint is not exposed when deploying Budibase live.

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2023-29010
GHSA-9XG2-9MCV-985P

Affected Products

Budibase