budibase
27 known vulnerabilities · 2 critical · 2 high
Budibase: Remote Code Execution via Unsafe eval() in View Filter Map Function (Budibase Cloud)
Budibase Unrestricted Server-Side Request Forgery (SSRF) via REST Datasource Query Preview
Budibase vulnerable to SSRF via trivial `.tar.gz` substring bypass in Plugin URL upload (`/api/plugin`)
Budibase: Unrestricted Upload of File with Dangerous Type
Budibase: Row Action Trigger Bypasses View Row Filter Security Boundary Allowing Action on Out-of-Scope Rows
Budibase: SSRF via User-Controlled queryId in Automation Execute Query Step
budibase: Database Connector SQL Injections in PostgreSQL, MS SQL, and MySQL
Budibase: Missing Cache Invalidation on Public API Role Unassignment Allows Revoked Users to Retain Privileges for Up to 1 Hour
Budibase: Authentication Bypass via Unanchored Regex in Public Endpoint Matcher — Unauthenticated Access to Protected Endpoints
Budibase: Unanchored Regex in `matchers.ts` Allows CSRF Bypass via Query String Injection in Budibase Worker
Budibase: Command Injection in Bash Automation Step
Budibase Improper Control of Dynamically-Managed Code Resources vulnerability
Budibase: Unauthenticated Remote Code Execution via Webhook Trigger and Bash Automation Step
Budibase auth session cookies are set with httpOnly:false — any XSS can lead to full account takeover
Budibase: `PUT /api/datasources/:datasourceId` is protected only by `TABLE/READ` permission instead of builder access, allowing any authenticated app user to overwrite datasource connection parameters including host, port, and URL
Budibase: Server-Side Request Forgery via REST Connector with Empty Default Blacklist
Budibase: SSRF Bypass via HTTP Redirect in REST Datasource Integration
Budibase: SSRF in AI Extract File Automation Step via Missing IP Blacklist Validation
Budibase: Builder-to-Admin Privilege Escalation via onboardUsers Endpoint Without SMTP Configuration
Budibase: CouchDB Reduce Injection via Unsanitized Calculation Parameter in V1 Views API
Budibase: Path traversal in plugin file upload enables arbitrary directory deletion and file write
Budibase: Basic app users can exfiltrate stored REST datasource auth by rewriting datasource base URL
Budibase: Workspace-scoped builder escalates to global admin via /api/public/v1/roles/assign
Budibase: Unvalidated VectorDB Host Parameter Enables SSRF
Budibase: SSRF via OAuth2 Config Validation — Missing fetchWithBlacklist Protection
Budibase: Webhook schema endpoint authorization bypass allows unauthenticated mutation of webhook and automation schema