CVE-2023-50974

low-risk
Published 2024-01-09

In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a ~/.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials.

Do I need to act?

-
0.03% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
LOCAL / LOW complexity

Affected Products (1)

Command Line Interface

Affected Vendors

Appwrite

References (4)

Product https://appwrite.io/docs/tooling/command-line/installation
Exploit https://gist.github.com/SkypLabs/72ee00ecfa7d1a3494e2d69a24279c1d
Product https://appwrite.io/docs/tooling/command-line/installation
Exploit https://gist.github.com/SkypLabs/72ee00ecfa7d1a3494e2d69a24279c1d
23
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal