Medium
CVSS 4.3
Overview
An issue in the Elasticsearch plugin of Appsmith v1.7.11 allows attackers to connect disallowed hosts to the AWS/GCP internal metadata endpoint.
CVE-2022-38299
An issue in the Elasticsearch plugin of Appsmith v1.7.11 allows attackers to con...
Risk analysis
This vulnerability is rated 🟡 MEDIUM.
- CVSS: 4.3 (MEDIUM)
- Detected tags: none (tag impact: LOW)
Recommended actions:
- Prioritize remediation based on business criticality and exposure.
- Limit exposure and increase monitoring until fixed.