An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. The attacker must be able to access Appsmith, login to it, create a datasource, create a query against that datasource, and execute that query.
An attacker who has access to an Appsmith instance and can log in is able to create a new data source pointing to an internal, misconfigured PostgreSQL instance. Then they create a query to this data source and execute it, which leads to running arbitrary system commands inside the Docker container. The vulnerability stems from improper configuration of the PostgreSQL server embedded directly in the Appsmith image, not from a vulnerability in the database engine itself.
A successful attack allows the attacker to execute arbitrary commands inside the Appsmith container, which may lead to container takeover, data leakage, and potential lateral movement in the containerized environment.
Appsmith must be updated to version 1.52 or newer. Detailed information is available in the official security advisory from the vendor: https://github.com/appsmithorg/appsmith/security/advisories/GHSA-m95x-4w54-gc83
Appsmith versions prior to 1.52 running as a Docker container (Appsmith image containing an embedded PostgreSQL instance)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HAppsmith
APPAppsmith< 1.52
Related vulnerabilities
Appsmith: SSRF umożliwia przejęcie konfiguracji reverse proxy Caddy
Stored XSS w Appsmith Table Widget prowadzący do przejęcia konta admina
Appsmith: nieuwierzytelniony dostęp do akcji trybu edycji (brak autoryzacji)
Appsmith: przejęcie konta przez manipulację nagłówkiem Origin w linkach e-mail
Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, Appsmith's bundled...