VYPR

Retool

by Retool

CVEs (1)

  • CVE-2024-42056Aug 22, 2024
    risk 0.00cvss epss 0.00

    Retool (self-hosted enterprise) through 3.40.0 inserts resource authentication credentials into sent data. Credentials for users with "Use" permissions can be discovered (by an authenticated attacker) via the /api/resources endpoint. The earliest affected version is 3.18.1.