Hello Appsmith Community!
This post is an important announcement and recommended actions, please read it carefully. We'll like to inform of two newly disclosed security vulnerabilities that may impact your environment and require immediate attention.
1. ingress-nginx for Kubernetes
As detailed in a recent Wiz security report, these vulnerabilities may expose Kubernetes environments to potential unauthorized access or privilege escalation. It is strongly recommended that all users upgrade to the latest version of ingress-nginx as soon as possible to ensure your environments remain secure. If an upgrade cannot be completed right away, see the link for mitigation steps.
2. Appsmith (CVE-2024-55963)
In addition, a critical remote code execution (RCE) vulnerability has been identified in Appsmith, as reported by Rhino Security Labs. This vulnerability affects all Appsmith versions prior to 1.52 and can be exploited without authentication, posing a severe security risk. If you are running a version earlier than 1.52, you should upgrade immediately to the 1.62 version.
Recommended Actions:
- Review the full disclosures for each vulnerability:
- Ingress-nginx vulnerability report disclosure here
- Appsmith CVE-2024-55963 vulnerability report
- Upgrade your ingress-nginx controller and Appsmith deployments to their respective latest versions.
- Upgrade Appsmith to the most recent version: Please follow these instructions for details.
- Follow your internal security best practices for patch validation and deployment.
If you need assistance or have questions about how these vulnerabilities may impact your environment, please don’t hesitate to reach out. Our team is here to support you in maintaining a secure and up-to-date system.
