PT-2025-12811 · Appsmith · Appsmith

Published: 2025-03-25 · Updated: 2025-08-07 · CVE-2024-55963

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Appsmith versions prior to 1.51

Description: An issue was discovered in Appsmith where a user without admin permissions can trigger the restart API, causing a server restart. The cause is an incorrect access control check: the endpoint should verify that the incoming request carries super user permissions, but it does not. The impact is limited to Appsmith's own server, but it amounts to a denial of service, because the server can be restarted continually. Additionally, a misconfigured PostgreSQL database included by default allows unauthenticated remote code execution.

Recommendations: For versions prior to 1.51, update to version 1.52 or later to resolve the issue. As a temporary workaround, consider restricting access to the restart API endpoint to prevent unauthorized server restarts. Additionally, ensure that the PostgreSQL database is properly configured to prevent remote code execution.
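The access control flaw described above is a missing permission check on a privileged endpoint. The following Python snippet is an added illustration, not Appsmith's code: it contrasts a restart handler that only verifies the caller is authenticated (the pattern the advisory describes) with one that requires a dedicated super-user permission. The permission names, request shape, endpoint path and status codes are all assumptions made for the example.

```python
"""Authorization gate for a privileged "restart" endpoint.

Added illustration, not Appsmith's code: the handler, permission names,
request shape, path and status codes below are assumed for the example.
"""
from dataclasses import dataclass
from enum import Enum, auto
from functools import wraps
from typing import Callable, Optional


class Permission(Enum):
    # Hypothetical permission names; the real Appsmith names are not on the page.
    READ_APPS = auto()
    MANAGE_INSTANCE = auto()   # the "super user" permission the restart check should require


@dataclass(frozen=True)
class User:
    name: str
    permissions: frozenset


@dataclass
class Request:
    path: str
    user: Optional[User]       # None means the request is unauthenticated


@dataclass
class Server:
    restarts: int = 0          # how many restarts were actually triggered

    def restart(self) -> None:
        self.restarts += 1


def require_permission(perm: Permission) -> Callable:
    """Decorator: 401 if anonymous, 403 unless the caller holds `perm`."""
    def decorator(handler: Callable[[Request, Server], int]) -> Callable[[Request, Server], int]:
        @wraps(handler)
        def guarded(request: Request, server: Server) -> int:
            if request.user is None:
                return 401
            if perm not in request.user.permissions:
                return 403
            return handler(request, server)
        return guarded
    return decorator


def restart_vulnerable(request: Request, server: Server) -> int:
    """Flawed gate: any authenticated user can trigger a restart."""
    if request.user is None:
        return 401
    server.restart()
    return 200


@require_permission(Permission.MANAGE_INSTANCE)
def restart_fixed(request: Request, server: Server) -> int:
    """Corrected gate: only holders of the super-user permission get through."""
    server.restart()
    return 200


# Constructed sample principals for the demonstration.
REGULAR_USER = User("alice", frozenset({Permission.READ_APPS}))
SUPER_USER = User("instance-admin", frozenset({Permission.READ_APPS, Permission.MANAGE_INSTANCE}))


def demo(handler: Callable[[Request, Server], int], user: Optional[User]) -> tuple:
    """Send one request through `handler`; return (HTTP status, restarts performed)."""
    server = Server()
    status = handler(Request("/api/v1/admin/restart", user), server)  # assumed path
    return status, server.restarts


if __name__ == "__main__":
    for name, handler in (("vulnerable", restart_vulnerable), ("fixed", restart_fixed)):
        for label, user in (("anonymous", None), ("regular", REGULAR_USER), ("super", SUPER_USER)):
            print(f"{name:10s} {label:9s} -> {demo(handler, user)}")
```

Running the block shows the difference that matters for this advisory: with the flawed gate a regular user receives 200 and the restart counter increments, whereas with the corrected gate the same user receives 403 and no restart occurs. The decorator form also makes the required permission visible at the handler definition, which is easier to audit than a check buried inside the handler body.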

Tags: Exploit · Fix · DoS · RCE · Improper Access Control

Weakness Enumeration

Related Identifiers

BIT-APPSMITH-2024-55963
CVE-2024-55963
GHSA-6MC8-HW5C-7QQR

Affected Products

Appsmith