Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Advisory and patch confirm no auth (PR:N); attacker writes arbitrary objects in third-party buckets (S:C, I:H), with limited confidentiality and storage-abuse availability impact.
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
4DescriptionNVD
The application server exposes an unauthenticated endpoint that generates S3 PutObject presigned URLs using credentials stored in a workspace datasource. The route is protected only by the recaptcha middleware and does not require authentication, table permission, datasource permission, or builder access. A public caller who knows a workspace ID and S3 datasource ID can request a signed upload URL for attacker-controlled bucket and key values.
Details
The static route registers the signed upload URL endpoint with only recaptcha before the controller:
packages/server/src/api/routes/static.ts:44-48
44: .post(
45: "/api/attachments/:datasourceId/url",
46: recaptcha,
47: controller.getSignedUploadURL
48: )The controller loads the datasource by datasourceId with enriched secret values:
packages/server/src/api/controllers/static/index.ts:590-598
590:export const getSignedUploadURL = async function (
591: ctx: Ctx<GetSignedUploadUrlRequest, GetSignedUploadUrlResponse>
592:) {
593: // Ensure datasource is valid
594: let datasource
595: try {
596: const { datasourceId } = ctx.params
597: datasource = await sdk.datasources.get(datasourceId, { enriched: true })
598: if (!datasource) {The request body controls bucket and key, and the server signs a PUT URL using the stored datasource credentials:
packages/server/src/api/controllers/static/index.ts:609-629
609: if (datasource?.source === "S3") {
610: const { bucket, key } = ctx.request.body || {}
611: if (!bucket || !key) {
612: ctx.throw(400, "bucket and key values are required")
613: }
614: try {
615: let endpoint = datasource?.config?.endpoint
616: if (endpoint && !utils.urlHasProtocol(endpoint)) {
617: endpoint = `https://${endpoint}`
618: }
619: const s3 = new S3({
620: region: awsRegion,
621: endpoint: endpoint,
622: credentials: {
623: accessKeyId: datasource?.config?.accessKeyId as string,
624: secretAccessKey: datasource?.config?.secretAccessKey as string,
625: },
626: })
627: const params = { Bucket: bucket, Key: key }
628: signedUrl = await getSignedUrl(s3, new PutObjectCommand(params))
629: if (endpoint) {The endpoint returns the signed URL and public URL to the caller:
packages/server/src/api/controllers/static/index.ts:630-639
630: publicUrl = `${endpoint}/${bucket}/${key}`
631: } else {
632: publicUrl = `https://${bucket}.s3.${awsRegion}.amazonaws.com/${key}`
633: }
634: } catch (error: any) {
635: ctx.throw(400, error)
636: }
637: }
638:
639: ctx.body = { signedUrl, publicUrl }Because no authorization middleware is applied, the API trusts public input to choose where the stored S3 credentials will write.
PoC
Non-destructive validation approach:
- Create or identify a workspace with an S3 datasource.
- Obtain the production workspace ID and S3 datasource ID.
- Send an unauthenticated request with the workspace ID header and attacker-controlled bucket/key:
POST /api/attachments/<datasourceId>/url HTTP/1.1
x-budibase-app-id: app_<workspace-id>
content-type: application/json
{"bucket":"attacker-controlled-or-permitted-bucket","key":"poc/budibase.txt"}- Observe that the response contains a signed PUT URL.
- Upload harmless content to the returned
signedUrland confirm the object is created using the datasource's stored S3 credentials.
Impact
This allows unauthenticated arbitrary object writes wherever the stored S3 datasource credentials have PutObject access. Depending on the datasource permissions, this can corrupt application data, overwrite public assets, place attacker-controlled objects in trusted buckets, consume storage, or abuse an organization's cloud credentials.
AnalysisAI
Unauthenticated arbitrary S3 object write in Budibase server (npm/@budibase/server before 3.39.2) lets any remote caller who learns a workspace ID and S3 datasource ID obtain attacker-chosen PutObject presigned URLs signed with the workspace's stored AWS credentials. The /api/attachments/:datasourceId/url route is gated only by reCAPTCHA - no authentication, builder role, or datasource permission check - so an unauthenticated attacker can write arbitrary objects to any bucket the stored credentials can reach. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Requires (1) network reachability to the Budibase server's /api/attachments/:datasourceId/url endpoint, (2) knowledge of a valid workspace/app ID (passed via x-budibase-app-id header - not a secret, often discoverable from app URLs), (3) knowledge of an S3 datasource ID within that workspace (small ID space, brute-forceable), and (4) the targeted workspace must have an S3-source datasource configured with stored accessKeyId/secretAccessKey. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The published CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L, 7.4) is internally inconsistent with the description: PR:L implies the attacker must hold some privilege, but both the advisory text and the patch (which adds authorized(BUILDER) and a 401 test) confirm the endpoint was reachable with no authentication - PR:N is the more accurate choice. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker discovers an internet-reachable self-hosted Budibase instance, harvests a workspace (app) ID from any public-facing app URL, and enumerates the small S3 datasource ID space until /api/attachments/<datasourceId>/url returns a signedUrl. They then PUT a malicious HTML/JS payload to a public-asset bucket the organization trusts (defacement, watering-hole) or write large objects to inflate the victim's storage bill; the advisory's PoC walks through exactly this flow non-destructively. |
| Remediation | Vendor-released patch: @budibase/server 3.39.2 - upgrade immediately, as the fix adds authorized(BUILDER) to the /api/attachments/:datasourceId/url route (see PR https://github.com/Budibase/budibase/pull/18774 and commit https://github.com/Budibase/budibase/commit/d9dbb7f6105373cc88ecacdbcab70c776f7dd6a1). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all Budibase deployments by version and identify those using S3 datasources. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39912
GHSA-jj36-r9w3-3pfh