CVE-2023-50974

Published: Jan 9, 2024Modified: Jun 17, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a ~/.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials.

Affected (1)

Products: Appwrite: Command Line Interface

Appwrite

1 product

Command Line Interface

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Appwrite Command Line Interface	Before 3.0.0

Related CWEs

CWE-798

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (4)

https://appwrite.io/docs/tooling/command-line/installation

Source: cve@mitre.org

Product

https://gist.github.com/SkypLabs/72ee00ecfa7d1a3494e2d69a24279c1d

Source: cve@mitre.org

ExploitThird Party Advisory

https://appwrite.io/docs/tooling/command-line/installation

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://gist.github.com/SkypLabs/72ee00ecfa7d1a3494e2d69a24279c1d

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.