Skip to main content

Appsmith CVE-2022-4096

MEDIUM
Server-Side Request Forgery (SSRF) (CWE-918)
2022-11-21 security@huntr.dev
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Nov 21, 2022 - 15:15 nvd
MEDIUM 6.5

DescriptionNVD

Server-Side Request Forgery (SSRF) in GitHub repository appsmithorg/appsmith prior to 1.8.2.

AnalysisAI

Server-Side Request Forgery (SSRF) in GitHub repository appsmithorg/appsmith prior to 1.8.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Server-Side Request Forgery (SSRF) (CWE-918), which allows attackers to make the server perform requests to unintended internal or external resources. Server-Side Request Forgery (SSRF) in GitHub repository appsmithorg/appsmith prior to 1.8.2. Affected products include: Appsmith. Version information: prior to 1.8.2..

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate and allowlist destination URLs, block requests to internal networks, use network segmentation.

CVE-2024-55964 CRITICAL POC
9.8 Mar 26

An issue was discovered in Appsmith before 1.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely expl

CVE-2026-22794 CRITICAL POC
9.6 Jan 12

Appsmith before 1.93 allows attackers to control the Origin header value used as the base URL in password reset and emai

CVE-2022-39824 HIGH POC
8.9 Sep 05

Server-side JavaScript injection in Appsmith through 1.7.14 allows remote attackers to execute arbitrary JavaScript code

CVE-2024-51408 MEDIUM POC
6.5 Nov 04

AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to

CVE-2026-7299 MEDIUM POC
6.3 Jun 02

Stored XSS in Appsmith's SQL query editor autocomplete allows an authenticated Developer-role user to inject persistent

CVE-2026-55454 CRITICAL
9.9 Jun 24

Reverse-proxy takeover in Appsmith versions prior to 2.1 lets an authenticated low-privileged user abuse server-side req

CVE-2026-24042 CRITICAL
9.4 Jan 22

Appsmith platform version 1.94 and below has a missing authorization vulnerability that allows unauthenticated access to

CVE-2026-30862 CRITICAL
9.0 Mar 10

Appsmith platform prior to version 1.96 has a critical stored XSS enabling account takeover through crafted admin panel

CVE-2026-50189 HIGH
8.9 Jun 24

Authenticated command execution in Appsmith versions prior to 2.1 lets any administrator run arbitrary OS commands insid

CVE-2022-38298 HIGH
8.8 Sep 12

Appsmith v1.7.11 was discovered to allow attackers to execute an authenticated Server-Side Request Forgery (SSRF) via re

CVE-2026-34411 MEDIUM
6.9 Mar 27

Appsmith versions prior to 1.98 allow unauthenticated remote attackers to access sensitive instance management API endpo

CVE-2024-55965 MEDIUM
6.5 Mar 26

An issue was discovered in Appsmith before 1.51. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploi

Share

CVE-2022-4096 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy