An incorrectly configured Postgres in the Appsmith image leads to remote command execution inside the Appsmith Docker container.
To exploit this, the attacker needs to be able to access Appsmith, log in to it, create a datasource, create a query against that datasource, and execute that query.
Impact
Code Execution and Information Disclosure.
Patches
v1.52
Workarounds
Disable the embedded Postgres by setting APPSMITH_ENABLE_EMBEDDED_DB=0 in the container's environment; with it disabled, this vulnerability cannot be exploited.
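A check for the workaround above, as an added example that is not part of the advisory or Appsmith's own code: it reads `docker inspect` JSON and lists Appsmith containers where APPSMITH_ENABLE_EMBEDDED_DB is not set to 0. The sample data and the selection of containers by an `appsmith` substring in the image name are assumptions.

```python
import json
import sys

WORKAROUND_VAR = "APPSMITH_ENABLE_EMBEDDED_DB"  # variable named in the advisory

# Constructed sample in the shape of `docker inspect` output (not real hosts).
SAMPLE_INSPECT = json.dumps([
    {"Name": "/appsmith-prod",
     "Config": {"Image": "example/appsmith:constructed",
                "Env": ["PATH=/usr/bin", "APPSMITH_ENABLE_EMBEDDED_DB=0"]}},
    {"Name": "/appsmith-staging",
     "Config": {"Image": "example/appsmith:constructed",
                "Env": ["PATH=/usr/bin"]}},
    {"Name": "/appsmith-dev",
     "Config": {"Image": "example/appsmith:constructed",
                "Env": ["APPSMITH_ENABLE_EMBEDDED_DB=1"]}},
    {"Name": "/nginx",
     "Config": {"Image": "example/nginx:constructed", "Env": None}},
])

def env_to_dict(env_list):
    """Turn Docker's ["K=V", ...] list into a dict; later entries win."""
    result = {}
    for entry in env_list or []:
        key, _, value = entry.partition("=")
        result[key] = value
    return result

def audit(inspect_json, image_hint="appsmith"):
    """Return (container, reason) pairs for Appsmith containers lacking the
    workaround. image_hint is an assumption about how images are named."""
    findings = []
    for container in json.loads(inspect_json):
        config = container.get("Config") or {}
        if image_hint not in (config.get("Image") or "").lower():
            continue  # not an Appsmith container under our naming assumption
        value = env_to_dict(config.get("Env")).get(WORKAROUND_VAR)
        if value is None:
            findings.append((container.get("Name", "?"), "variable not set"))
        elif value.strip() != "0":
            findings.append((container.get("Name", "?"), f"set to {value!r}"))
    return findings

if __name__ == "__main__":
    # Pipe `docker inspect $(docker ps -q)` in, or run bare to use the sample.
    data = SAMPLE_INSPECT if sys.stdin.isatty() else sys.stdin.read()
    for name, reason in audit(data):
        print(f"{name}: workaround not applied ({reason})")
```

A container reported here still needs either the workaround or the upgrade to the patched version listed under Patches.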