Back

CVE-2024-42056

Aug. 22, 2024, 12:48 p.m.

Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.

Products

Retool (self-hosted enterprise)

  • 3.18.1 - 3.40.0

Source

cve@mitre.org

Tags

cve@mitre.org
2024-08-22
CVE-2024-42056

CVE-2024-42056 details

Published : Aug. 22, 2024, 1:15 a.m.
Last Modified : Aug. 22, 2024, 12:48 p.m.

Description

Retool (self-hosted enterprise) through 3.40.0 inserts resource authentication credentials into sent data. Credentials for users with "Use" permissions can be discovered (by an authenticated attacker) via the /api/resources endpoint. The earliest affected version is 3.18.1.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description

References

URL Source
https://docs.retool.com/disclosures/cve-2024-42056 cve@mitre.org
https://docs.retool.com/releases cve@mitre.org
This website uses the NVD API, but is not approved or certified by it.