CVE-2026-55454
Appsmith · Appsmith
The Appsmith platform contains a configuration flaw in the bundled Caddy reverse-proxy, allowing authenticated users to perform SSRF and achieve full reverse-proxy takeover.
Executive summary
A critical vulnerability in the Appsmith platform allows authenticated users to compromise the Caddy reverse-proxy configuration, posing a severe risk of unauthorized system control.
Vulnerability
The vulnerability stems from an unprotected Caddy admin API bound to 0.0.0.0:2019 within the container. An authenticated low-privileged user can leverage an SSRF vulnerability to issue arbitrary POST requests to that API, effectively replacing the live reverse-proxy configuration.
Business impact
Successful exploitation allows an attacker to manipulate the reverse-proxy, potentially leading to unauthorized access to internal services, traffic interception, or full application compromise. Given the CVSS score of 9.9, this vulnerability represents a critical risk to the confidentiality, integrity, and availability of the entire internal tool ecosystem managed by Appsmith.
Remediation
Immediate Action: Upgrade the Appsmith platform to version 2.1 or later to restrict access to the Caddy admin API.
Proactive Monitoring: Review access logs for anomalous POST requests directed at internal network segments or attempts to interact with the Caddy admin port.
Compensating Controls: Ensure the Appsmith container is isolated using network policies that restrict outbound traffic from the application process to prevent unauthorized SSRF attempts.
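As an added example for the monitoring step above (not code from the advisory or from Appsmith), a small Python check that scans egress log lines for requests aimed at the Caddy admin port and flags those that would replace the proxy configuration. The log format and the sample lines are constructed assumptions; only the port (2019) and the admin API paths /load and /config come from Caddy's documented behaviour.

```python
import re
from dataclasses import dataclass

# Caddy's admin API listens on port 2019 (the advisory notes it was bound to 0.0.0.0:2019).
CADDY_ADMIN_PORT = 2019
# Documented Caddy admin API paths that replace or modify the live configuration.
CONFIG_MUTATING_PATHS = ("/load", "/config")

# Assumed egress log format (constructed): "<ts> <src_ip> <method> <url> <status>"
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$")
URL_RE = re.compile(r"^(?P<scheme>https?)://(?P<host>[^/:]+)(?::(?P<port>\d+))?(?P<path>/[^?]*)?")


@dataclass
class Finding:
    ts: str
    src: str
    method: str
    url: str
    reason: str


def classify(line):
    """Return a Finding if the line targets the Caddy admin port, else None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None  # unparseable line: ignored by this check
    u = URL_RE.match(m["url"])
    if not u:
        return None
    port = int(u["port"] or (443 if u["scheme"] == "https" else 80))
    if port != CADDY_ADMIN_PORT:
        return None
    path = u["path"] or "/"
    if m["method"] in ("POST", "PUT", "PATCH", "DELETE") and path.startswith(CONFIG_MUTATING_PATHS):
        reason = "config-mutating request to Caddy admin API"
    else:
        reason = "request to Caddy admin port"
    return Finding(m["ts"], m["src"], m["method"], m["url"], reason)


def scan(lines):
    """Run classify over every line and keep only the findings."""
    return [f for f in (classify(line) for line in lines) if f is not None]


# Constructed sample: one benign API call, one config load, one admin read, one webhook.
SAMPLE_LOG = [
    "2026-01-10T12:00:01Z 10.0.0.5 GET http://api.example.internal:8080/v1/users 200",
    "2026-01-10T12:00:02Z 10.0.0.5 POST http://127.0.0.1:2019/load 200",
    "2026-01-10T12:00:03Z 10.0.0.5 GET http://127.0.0.1:2019/config/ 200",
    "2026-01-10T12:00:04Z 10.0.0.5 POST http://hooks.example.com/webhook 201",
]
```

Any finding with the "config-mutating" reason is the high-priority signal for this advisory; a plain admin-port hit still warrants review of the source request.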
Exploitation status
Public Exploit Available: No
Analyst recommendation
The severity of this issue necessitates an immediate upgrade to version 2.1. Security teams should prioritize patching this vulnerability to prevent potential lateral movement or full platform takeover by malicious actors.