CVE-2023-50974

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Jan 9, 2024

Updated: Jan 12, 2024

CWE ID 798

Summary

CVE-2023-50974 is a vulnerability affecting Appwrite CLI versions prior to 3.0.0. The issue lies in the handling of user credentials. When using the login command, the Appwrite user's credentials are saved in a ~/.appwrite/prefs.json file with permissive UNIX permissions of 0644. Consequently, any local user can access these sensitive credentials, potentially leading to unauthorized access to the Appwrite application. This vulnerability poses a significant risk and requires immediate attention for those using affected versions of Appwrite CLI.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/t1o9Ra
https://www.cve.org/CVERecord?id=CVE-2023-50974
https://nvd.nist.gov/vuln/detail/CVE-2023-50974

Back to Vulnerability Database

CVE-2023-50974

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations