Vulnerabilities (CVE)

Filtered by vendor Retool Subscribe
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-42056 1 Retool 1 Retool 2024-08-26 N/A 6.5 MEDIUM
Retool (self-hosted enterprise) through 3.40.0 inserts resource authentication credentials into sent data. Credentials for users with "Use" permissions can be discovered (by an authenticated attacker) via the /api/resources endpoint. The earliest affected version is 3.18.1.