Horizon Alert
Summary of the vulnerability and why it matters
This advisory concerns a critical security vulnerability in the Appsmith platform, which is used for building internal tools and dashboards. The vulnerability, if exploited, could allow an authenticated user to gain full control over the platform's reverse proxy, potentially impacting its availability and integrity. The main concern is confirming the relevance and exposure of this platform within the organization.
- Unauthenticated admin access to a proxy.
- Allows takeover of internal tool infrastructure.
- Confirm if Appsmith is deployed and relevant.
Attack Path
How an attacker could exploit the issue
An attacker with low-privileged access to the Appsmith platform can exploit a Server-Side Request Forgery (SSRF) vulnerability. This SSRF allows the attacker to send requests to the platform's internal Caddy reverse-proxy, which is not protected by authentication by default. By manipulating Caddy's configuration, the attacker can then fully control the reverse proxy, potentially leading to a complete takeover.
- Entry: Authenticated low-privileged user.
- Trigger: Server-Side Request Forgery.
- Risk: Full reverse proxy takeover.
Live Threat
Current exploitation, exposure, and threat context
The Caddy reverse-proxy's admin API, when accessible internally by the Appsmith server process or via a Server-Side Request Forgery (SSRF) vulnerability, could allow an authenticated, low-privileged user to alter the proxy's configuration. This could lead to full control over the reverse proxy.
- Reverse proxy configuration.
- Via SSRF or internal access.
- Control of reverse proxy.
Operational Fix
Recommended remediation, mitigation, and detection steps
The Appsmith platform's bundled Caddy reverse-proxy is affected by a vulnerability allowing authenticated users to take over the reverse proxy. Platform or infrastructure teams managing Appsmith deployments are likely responsible for remediation. The first practical step involves identifying all Appsmith instances, confirming their reachability and business criticality, and then planning remediation based on identified risk.
- Platform or infrastructure teams own the issue.
- Verify Appsmith instance reachability and business criticality.
- Plan remediation and coordinate with the Appsmith vendor.