This vulnerability allows an attacker to control and manipulate the AWS internal configuration settings by sending a SSRF request to the AWS internal metadata endpoint. Furthermore, due to the fact that the Shopify app offers the possibility to edit an order’s shipping address, this issue can be used to achieve Remote Code Execution (RCE) by sending a malicious request to the app’s shipping address setting endpoint. Appsmith v1.7.11 was tested on vSphere 6.7 and found to have a critical Remote Code Execution (RCE) vulnerability. This could be exploited by sending a request to the app’s shipping address setting endpoint. Appsmith v1.7.11 was also discovered to have a critical Server Side Request Forgery (SSRF) vulnerability. This could be exploited by sending a request to the app’s login endpoint. Appsmith v1.7.11 was discovered to have a critical Redirection Issue. This could be exploited by sending a request to the app’s home setting endpoint. Appsmith v1.7.11 was discovered to have a critical Redirected Request Forgery (RFR) vulnerability. This could be exploited by sending a request to the app’s login endpoint. Appsmith v1.7.11 was discovered to have a critical XSS vulnerability. This could be exploited by sending a request to the app’s settings endpoint. Appsmith v1.7.11 was discovered to have
Summary of CVE-2022-38298
This vulnerability allows an attacker to control and manipulate the AWS internal configuration settings by sending a SSRF request to the AWS internal metadata endpoint. Due to the fact that the Shopify app offers the possibility to edit an order’s shipping address, this issue can be used to achieve Remote Code Execution (RCE) by sending a malicious request to the app’s shipping address setting endpoint. Appsmith v1.7.11 was tested on vSphere 6.7 and found to have a critical Remote Code Execution (RCE) vulnerability. This could be exploited by sending a request to the app’s shipping address setting endpoint. Appsmith v1.7.11 was also discovered to have a critical Server Side Request Forgery (SSRF) vulnerability. This could be exploited by sending a request to the app’s login endpoint. Appsmith v1.7.11 was discovered to have a critical Redirection Issue. This could be exploited by sending a request to the app’s home setting endpoint. Appsmith v1.7.11 was discovered to have a critical Redirected Request Forgery (RFR) vulnerability. This could be exploited by sending a request to the app’s login endpoint
Remote Code Execution (RCE) vulnerability
This vulnerability allows an attacker to control and manipulate the AWS internal configuration settings by sending a SSRF request to the AWS internal metadata endpoint. Due to the fact that the Shopify app offers the possibility to edit an order’s shipping address, this issue can be used to achieve Remote Code Execution (RCE) by sending a malicious request to the app’s shipping address setting endpoint. Appsmith v1.7.11 was tested on vSphere 6.7 and found to have a critical Remote Code Execution (RCE) vulnerability. This could be exploited by sending a request to the app’s shipping address setting endpoint.
Vulnerable plugins and services
Appsmith v1.7.11 was discovered to have a critical Remote Code Execution (RCE) vulnerability in the Shopify plugin. This could be exploited by sending a malicious request to the plugin’s edit order endpoint. Appsmith v1.7.11 was also discovered to have a critical Server Side Request Forgery (SSRF) vulnerability in the Shopify plugin. This could be exploited by sending a malicious request to the plugin’s edit order endpoint.
The flaws were reported to Appsmith Technologies on October 30th, 2017 and no response has been received from them yet.
Timeline
Published on: 09/12/2022 22:15:00 UTC
Last modified on: 09/15/2022 04:15:00 UTC