Security Advisory

CVE-2024-42056

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-08-22 00:00:00

Last updated 2026-03-02 18:30:48

Assigner mitre

State PUBLISHED

Description

Retool (self-hosted enterprise) through 3.40.0 inserts resource authentication credentials into sent data. Credentials for users with "Use" permissions can be discovered (by an authenticated attacker) via the /api/resources endpoint. The earliest affected version is 3.18.1.

← Browse all CVEs View on cve.org ↗