CVE-2024-55604

Name of the Vulnerable Software and Affected Versions Appsmith versions prior to 1.51

Description The issue concerns an information disclosure where users invited as "App Viewer" can access development information of a workspace, specifically getting a list of datasources. This does not expose sensitive data such as database passwords and API keys. An attacker must be invited to a workspace as a "viewer" and be able to sign up or log in to the Appsmith instance to exploit this issue.

Recommendations For versions prior to 1.51, update to version 1.51 to resolve the issue. As a temporary workaround, consider restricting access to development information for "App Viewer" roles until the update can be applied.