An Appsmith user without admin permissions can call the restart API, triggering a server restart. The restart is confined to the Appsmith container, and the impact is limited to Appsmith's own server. The cause is an incorrect access control check: the endpoint should verify super user permissions on the incoming request, but does not.
No information loss or untrusted code execution happens.
The attacker must be able to reach Appsmith and log in to it.
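The defect described above is a privileged endpoint that only checks "is logged in" instead of "holds the super user permission". The following is an added illustration, not Appsmith's code: a small fail-closed permission guard in Python applied to a hypothetical restart handler, with the unchecked shape shown beside the guarded one. The names (Principal, require_permission, restart_server, SUPER_USER, AUDIT) are assumptions for the example.

```python
"""Added example (not Appsmith code): guard an admin-only action with an
explicit permission check, and record denied attempts for detection.
All names and the permission string are hypothetical."""
from dataclasses import dataclass, field
from functools import wraps
from typing import Callable, Optional


SUPER_USER = "manage:instance"  # hypothetical permission name


@dataclass(frozen=True)
class Principal:
    """The authenticated caller attached to a request."""
    username: str
    permissions: frozenset = field(default_factory=frozenset)


class Unauthenticated(Exception):
    pass


class Forbidden(Exception):
    pass


# Denied privileged calls are worth alerting on; collected here for the example.
AUDIT: list = []
RESTARTS: list = []  # stands in for the side effect of actually restarting


def require_permission(permission: str) -> Callable:
    """Decorator: fail closed unless the caller holds `permission`."""
    def decorate(fn: Callable) -> Callable:
        @wraps(fn)
        def wrapper(principal: Optional[Principal], *args, **kwargs):
            if principal is None:
                raise Unauthenticated(fn.__name__)
            if permission not in principal.permissions:
                AUDIT.append((principal.username, fn.__name__, permission))
                raise Forbidden(f"{principal.username} lacks {permission}")
            return fn(principal, *args, **kwargs)
        return wrapper
    return decorate


def restart_server_unchecked(principal: Optional[Principal]) -> str:
    """Vulnerable shape: any logged-in user may restart the server."""
    if principal is None:
        raise Unauthenticated("restart_server_unchecked")
    RESTARTS.append(principal.username)
    return "restarting"


@require_permission(SUPER_USER)
def restart_server(principal: Principal) -> str:
    """Fixed shape: the same action, reachable only with SUPER_USER."""
    RESTARTS.append(principal.username)
    return "restarting"


def attempt(handler: Callable, principal: Optional[Principal]) -> str:
    """Map the guard's outcome to the HTTP status a router would return."""
    try:
        return handler(principal)
    except Unauthenticated:
        return "401"
    except Forbidden:
        return "403"


if __name__ == "__main__":
    dev = Principal("dev")                                # constructed: ordinary user
    admin = Principal("admin", frozenset({SUPER_USER}))   # constructed: super user
    print(attempt(restart_server_unchecked, dev))  # restarting  (the bug)
    print(attempt(restart_server, dev))            # 403
    print(attempt(restart_server, admin))          # restarting
    print(AUDIT)
```

The guard fails closed: a missing principal yields 401, a principal without the permission yields 403 and an audit record, and only a caller holding the permission reaches the handler body. Logging the denied attempts is what gives a defender a signal when a non-admin user probes an admin-only endpoint.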
Impact
Denial of Service.
Patches
Fixed in v1.51.
Workarounds
None.