Filtered by vendor Budibase
Subscriptions
Filtered by product Budibase
Subscriptions
Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-3225 | 1 Budibase | 1 Budibase | 2024-08-03 | 8.8 High |
Improper Control of Dynamically-Managed Code Resources in GitHub repository budibase/budibase prior to 1.3.20. | ||||
CVE-2023-29010 | 1 Budibase | 1 Budibase | 2024-08-02 | 6.5 Medium |
Budibase is a low code platform for creating internal tools, workflows, and admin panels. Versions prior to 2.4.3 (07 March 2023) are vulnerable to Server-Side Request Forgery. This can lead to an attacker gaining access to a Budibase AWS secret key. Users of Budibase cloud need to take no action. Self-host users who run Budibase on the public internet and are using a cloud provider that allows HTTP access to metadata information should ensure that when they deploy Budibase live, their internal metadata endpoint is not exposed. |
Page 1 of 1.