Vulnerability Details CVE-2024-42056
Retool (self-hosted enterprise) through 3.40.0 inserts resource authentication credentials into sent data. Credentials for users with "Use" permissions can be discovered (by an authenticated attacker) via the /api/resources endpoint. The earliest affected version is 3.18.1.
Exploit Prediction Scoring System (EPSS) score
EPSS Score: 0.001
EPSS Ranking: 25.2%
CVSS Severity
CVSS v3 Score: 6.5
Products affected by CVE-2024-42056
- cpe:2.3:a:retool:retool:3.18.1
- cpe:2.3:a:retool:retool:3.18.23
- cpe:2.3:a:retool:retool:3.20
- cpe:2.3:a:retool:retool:3.20.1
- cpe:2.3:a:retool:retool:3.20.18
- cpe:2.3:a:retool:retool:3.22
- cpe:2.3:a:retool:retool:3.22.1
- cpe:2.3:a:retool:retool:3.22.21
- cpe:2.3:a:retool:retool:3.24
- cpe:2.3:a:retool:retool:3.24.1
- cpe:2.3:a:retool:retool:3.24.22
- cpe:2.3:a:retool:retool:3.26
- cpe:2.3:a:retool:retool:3.26.14
- cpe:2.3:a:retool:retool:3.26.4
- cpe:2.3:a:retool:retool:3.28
- cpe:2.3:a:retool:retool:3.28.15
- cpe:2.3:a:retool:retool:3.28.3
- cpe:2.3:a:retool:retool:3.32
- cpe:2.3:a:retool:retool:3.32.1
- cpe:2.3:a:retool:retool:3.32.12
- cpe:2.3:a:retool:retool:3.33
- cpe:2.3:a:retool:retool:3.33.1
- cpe:2.3:a:retool:retool:3.33.18
- cpe:2.3:a:retool:retool:3.36.0
- cpe:2.3:a:retool:retool:3.36.1
- cpe:2.3:a:retool:retool:3.37.0
- cpe:2.3:a:retool:retool:3.38.0
- cpe:2.3:a:retool:retool:3.39.0
- cpe:2.3:a:retool:retool:3.40.0