Vulnerabilities > CVE-2022-38299 - Unspecified vulnerability in Appsmith 1.7.11
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
An issue in the Elasticsearch plugin of Appsmith v1.7.11 allows attackers to connect disallowed hosts to the AWS/GCP internal metadata endpoint.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |