26 Mar

Multiple critical vulnerabilities have been discovered in Appsmith, a popular open-source developer platform for building internal applications.
Most concerning is CVE-2024-55963, which allows unauthenticated attackers to execute arbitrary system commands on servers running default installations of Appsmith versions 1.20 through 1.51.
CVE-2024-55963 – Remote Code Execution as PostgreSQL user

Appsmith, which helps organizations build dashboards, admin panels, and customer support tools, ships with a local PostgreSQL database intended for practice and learning purposes.
Rhino Security Labs discovered this database was critically misconfigured in its default installation. 
The PostgreSQL authentication configuration file (pg_hba.conf) contained settings that allowed any local user to connect as any PostgreSQL user without requiring a password.
The vulnerability became exploitable because Appsmith’s default configuration allows new user signups. An attacker could register an account, create a workspace, add a new application, and then connect to the misconfigured local PostgreSQL database.
Once connected, the attacker could leverage PostgreSQL’s COPY FROM PROGRAM function to execute arbitrary system commands with the privileges of the PostgreSQL user.
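As an added illustration (not code from the Appsmith project or the researchers), the following Python audit check targets the pg_hba.conf weakness described above: it parses sample rules (constructed here, not Appsmith's actual file) and flags `trust` entries, which let any connecting client assume the named database role without a password.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed sample pg_hba.conf contents (illustrative, not Appsmith's actual
# file): the first shows the weak pattern the article describes, where any local
# client may connect as any role with no password; the second requires passwords.
WEAK_PG_HBA = """
# TYPE  DATABASE  USER  ADDRESS       METHOD
local   all       all                 trust
host    all       all   127.0.0.1/32  trust
"""
HARDENED_PG_HBA = """
# TYPE  DATABASE  USER  ADDRESS       METHOD
local   all       all                 scram-sha-256
host    all       all   127.0.0.1/32  scram-sha-256
"""

@dataclass
class HbaRule:
    conn_type: str   # local, host, hostssl, ...
    database: str
    user: str
    address: str     # empty for 'local' (Unix-socket) rules
    method: str      # trust, scram-sha-256, md5, peer, ...
    lineno: int

def parse_pg_hba(text: str) -> list[HbaRule]:
    """Parse pg_hba.conf records. 'local' rows have no ADDRESS column; host-style
    rows do. Old-style separate netmask columns and trailing options are not
    handled (assumption of this example)."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue  # blank or comment-only line
        addr_cols = 0 if fields[0] == "local" else 1
        if len(fields) < 4 + addr_cols:
            continue  # malformed row; PostgreSQL itself would reject the file
        address = fields[3] if addr_cols else ""
        rules.append(HbaRule(fields[0], fields[1], fields[2], address,
                             fields[3 + addr_cols], lineno))
    return rules

def find_passwordless_rules(text: str) -> list[HbaRule]:
    """Return rules whose METHOD is 'trust', i.e. the server accepts the connection
    without the client proving any credential. A 'trust' row with USER 'all' is
    the condition the article describes for the vulnerable default. peer/ident are
    not flagged because they bind the role to the connecting OS identity."""
    return [r for r in parse_pg_hba(text) if r.method == "trust"]
```

Run the check against a live instance's pg_hba.conf by reading the file into `find_passwordless_rules`; any returned rule with `user == "all"` is the condition to remediate, typically by switching the method to `scram-sha-256` and setting a password on the role.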
Technical Exploitation Path

The proof-of-concept exploit demonstrated by researchers used the following SQL commands:
This simple sequence allowed attackers to create a temporary table, execute the Unix ‘cat’ command to read system files, retrieve the results, and remove evidence by dropping the table.
The security audit also revealed two other significant vulnerabilities:
CVE-2024-55964: An Insecure Direct Object Reference vulnerability allowed users with minimal “App Viewer” permissions to access SQL databases by exploiting predictable datasource IDs and the “/api/v1/datasources/[datasource-id]/schema-preview” API endpoint.
CVE-2024-55965: A Denial of Service vulnerability enabled users with limited permissions to repeatedly trigger application restarts via a broken access control in the restart API functionality.
Vulnerability Impact

The combination of these vulnerabilities created a significant security risk for organizations using Appsmith.
The most severe issue, CVE-2024-55963, essentially provided a path for complete system compromise from an unauthenticated position. Any attacker who discovered an organization’s Appsmith installation could potentially:
Register a user account
Create a workspace and application
Connect to the local PostgreSQL database
Execute arbitrary system commands
Gain persistent access to the underlying server

Appsmith has collaborated with Rhino Security Labs to address all three vulnerabilities:
CVE-2024-55963 (Remote Code Execution): Patched in version 1.52 with PR #37068, which hardened the PostgreSQL configuration and implemented password-based authentication for the internal database.

CVE-2024-55964 (IDOR): This was fixed in version 1.49 with PR #37308, adding proper role-based access controls to the vulnerable API endpoint.
CVE-2024-55965 (Denial of Service): Resolved in version 1.48 with PR #37227, implementing proper access control checks for the restart functionality.
Organizations running Appsmith instances should immediately upgrade to version 1.52 or later to protect against all identified vulnerabilities. 
The security researchers have published detailed technical analyses and detection tools, including Nuclei templates for scanning vulnerable instances.


