VYPR
Unrated severityNVD Advisory· Published Apr 6, 2023· Updated Feb 10, 2025

BudiBase Server-Side Request Forgery vulnerability

CVE-2023-29010

Description

Budibase is a low code platform for creating internal tools, workflows, and admin panels. Versions prior to 2.4.3 (07 March 2023) are vulnerable to Server-Side Request Forgery. This can lead to an attacker gaining access to a Budibase AWS secret key. Users of Budibase cloud need to take no action. Self-host users who run Budibase on the public internet and are using a cloud provider that allows HTTP access to metadata information should ensure that when they deploy Budibase live, their internal metadata endpoint is not exposed.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Budibase/Budibasellm-fuzzy2 versions
    <2.4.3+ 1 more
    • (no CPE)range: <2.4.3
    • (no CPE)range: < 2.4.3

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.