{"id":"CVE-2023-29010","summary":"BudiBase Server-Side Request Forgery vulnerability","details":"Budibase is a low code platform for creating internal tools, workflows, and admin panels. Versions prior to 2.4.3 (07 March 2023) are vulnerable to Server-Side Request Forgery. This can lead to an attacker gaining access to a Budibase AWS secret key. Users of Budibase cloud need to take no action. Self-host users who run Budibase on the public internet and are using a cloud provider that allows HTTP access to metadata information should ensure that when they deploy Budibase live, their internal metadata endpoint is not exposed.","aliases":["GHSA-9xg2-9mcv-985p"],"modified":"2026-04-09T09:32:05.856444Z","published":"2023-04-06T16:02:18.684Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/29xxx/CVE-2023-29010.json","cna_assigner":"GitHub_M","cwe_ids":["CWE-918"]},"references":[{"type":"WEB","url":"https://github.com/Budibase/budibase/commits/develop?after=93d6939466aec192043d8ac842e754f65fdf2e8a+594&branch=develop&qualified_name=refs%2Fheads%2Fdevelop"},{"type":"WEB","url":"https://github.com/Budibase/budibase/releases/tag/v2.4.3"},{"type":"ADVISORY","url":"https://github.com/Budibase/budibase/security/advisories/GHSA-9xg2-9mcv-985p"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/29xxx/CVE-2023-29010.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29010"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/budibase/budibase","events":[{"introduced":"0"},{"fixed":"3e154ba851e6a918b67a2e88738c11cc0ff25d5e"}]}],"versions":["v0.0.10","v0.0.11","v0.0.12","v0.0.17","v0.0.18","v0.0.19","v0.0.2","v0.0.20","v0.0.21","v0.0.22","v0.0.23","v0.0.24","v0.0.25","v0.0.26","v0.0.27","v0.0.28","v0.0.29","v0.0.3","v0.0.30","v0.0.31","v0.0.4","v0.0.5","v0.0.6","v0.0.7","v0.0.8","v0.0.9","v0.1.0","v0.1.1","v0.1.10","v0.1.11","v0.1.12","v0.1.13","v0.1.14","v0.1.15","v0.1.16","v0.1.17","v0.1.18","v0.1.19","v0.1.2","v0.1.20","v0.1.21","v0.1.22","v0.1.23","v0.1.24","v0.1.25","v0.1.3","v0.1.4","v0.1.5","v0.1.6","v0.1.8","v0.1.9","v0.2.0","v0.2.1","v0.2.2","v0.2.3","v0.2.4","v0.2.5","v0.2.6","v0.3.0","v0.3.1","v0.3.2","v0.3.3","v0.3.4","v0.3.5","v0.3.6","v0.3.7","v0.3.8","v0.4.0","v0.4.1","v0.4.2","v0.4.3","v0.5.0","v0.5.1","v0.5.2","v0.5.3","v0.6.0","v0.6.1","v0.6.2","v0.7.0","v0.7.1","v0.7.2","v0.7.3","v0.7.4","v0.7.5","v0.7.6","v0.7.7","v0.7.8","v0.8.0","v0.8.1","v0.8.2","v0.8.3","v0.8.4","v0.8.5","v0.8.6","v0.8.7","v0.8.8","v0.8.9","v0.9.100","v0.9.101","v0.9.102","v0.9.103","v0.9.104","v0.9.105","v0.9.106","v0.9.107","v0.9.108","v0.9.109","v0.9.11","v0.9.110","v0.9.111","v0.9.112","v0.9.114","v0.9.115","v0.9.116","v0.9.117","v0.9.118","v0.9.119","v0.9.12","v0.9.120","v0.9.121","v0.9.122","v0.9.123","v0.9.124","v0.9.125","v0.9.127","v0.9.128","v0.9.13","v0.9.130","v0.9.131","v0.9.132","v0.9.133","v0.9.134","v0.9.135","v0.9.136","v0.9.137","v0.9.138","v0.9.139","v0.9.14","v0.9.140","v0.9.141","v0.9.142","v0.9.143","v0.9.144","v0.9.145","v0.9.146","v0.9.147","v0.9.148","v0.9.149","v0.9.15","v0.9.150","v0.9.151","v0.9.152","v0.9.153","v0.9.154","v0.9.155","v0.9.156","v0.9.157","v0.9.158","v0.9.159","v0.9.16","v0.9.160","v0.9.161","v0.9.162","v0.9.163","v0.9.164","v0.9.165","v0.9.166","v0.9.167-alpha.0","v0.9.167-alpha.1","v0.9.167-alpha.10","v0.9.167-alpha.11","v0.9.167-alpha.12","v0.9.167-alpha.13","v0.9.167-alpha.14","v0.9.167-alpha.2","v0.9.167-alpha.3","v0.9.167-alpha.4","v0.9.167-alpha.5","v0.9.167-alpha.6","v0.9.167-alpha.7","v0.9.167-alpha.8","v0.9.167-alpha.9","v0.9.169-alpha.0","v0.9.169-alpha.1","v0.9.169-alpha.10","v0.9.169-alpha.11","v0.9.169-alpha.12","v0.9.169-alpha.13","v0.9.169-alpha.14","v0.9.169-alpha.15","v0.9.169-alpha.16","v0.9.169-alpha.17","v0.9.169-alpha.18","v0.9.169-alpha.2","v0.9.169-alpha.3","v0.9.169-alpha.4","v0.9.169-alpha.5","v0.9.169-alpha.6","v0.9.169-alpha.7","v0.9.169-alpha.8","v0.9.169-alpha.9","v0.9.17","v0.9.173-alpha.0","v0.9.173-alpha.1","v0.9.173-alpha.2","v0.9.173-alpha.3","v0.9.173-alpha.4","v0.9.173-alpha.5","v0.9.173-alpha.6","v0.9.173-alpha.7","v0.9.173-alpha.8","v0.9.176-alpha.0","v0.9.176-alpha.1","v0.9.176-alpha.2","v0.9.176-alpha.3","v0.9.18","v0.9.180-alpha.0","v0.9.180-alpha.1","v0.9.180-alpha.10","v0.9.180-alpha.11","v0.9.180-alpha.2","v0.9.180-alpha.3","v0.9.180-alpha.4","v0.9.180-alpha.5","v0.9.180-alpha.6","v0.9.180-alpha.7","v0.9.180-alpha.8","v0.9.180-alpha.9","v0.9.185-alpha.0","v0.9.185-alpha.1","v0.9.185-alpha.10","v0.9.185-alpha.11","v0.9.185-alpha.12","v0.9.185-alpha.13","v0.9.185-alpha.14","v0.9.185-alpha.15","v0.9.185-alpha.16","v0.9.185-alpha.17","v0.9.185-alpha.18","v0.9.185-alpha.19","v0.9.185-alpha.2","v0.9.185-alpha.20","v0.9.185-alpha.21","v0.9.185-alpha.22","v0.9.185-alpha.4","v0.9.185-alpha.5","v0.9.185-alpha.6","v0.9.185-alpha.7","v0.9.185-alpha.8","v0.9.185-alpha.9","v0.9.19","v0.9.190-alpha.0","v0.9.190-alpha.1","v0.9.190-alpha.10","v0.9.190-alpha.11","v0.9.190-alpha.12","v0.9.190-alpha.2","v0.9.190-alpha.3","v0.9.190-alpha.4","v0.9.190-alpha.5","v0.9.190-alpha.6","v0.9.190-alpha.7","v0.9.190-alpha.8","v0.9.190-alpha.9","v0.9.2","v0.9.20","v0.9.21","v0.9.22","v0.9.23","v0.9.24","v0.9.25","v0.9.26","v0.9.27","v0.9.28","v0.9.3","v0.9.30","v0.9.31","v0.9.32","v0.9.34","v0.9.35","v0.9.36","v0.9.37","v0.9.38","v0.9.39","v0.9.4","v0.9.40","v0.9.41","v0.9.42","v0.9.43","v0.9.44","v0.9.45","v0.9.46","v0.9.47","v0.9.48","v0.9.49","v0.9.5","v0.9.50","v0.9.51","v0.9.52","v0.9.53","v0.9.54","v0.9.55","v0.9.56","v0.9.57","v0.9.58","v0.9.59","v0.9.6","v0.9.60","v0.9.61","v0.9.63","v0.9.64","v0.9.65","v0.9.66","v0.9.67","v0.9.68","v0.9.69","v0.9.7","v0.9.70","v0.9.71","v0.9.72","v0.9.73","v0.9.74","v0.9.75","v0.9.76","v0.9.77","v0.9.78","v0.9.79","v0.9.80","v0.9.81","v0.9.82","v0.9.83","v0.9.84","v0.9.85","v0.9.86","v0.9.87","v0.9.88","v0.9.89","v0.9.90","v0.9.91","v0.9.92","v0.9.93","v0.9.94","v0.9.95","v0.9.96","v0.9.98","v0.9.99","v1.0.100","v1.0.101","v1.0.102","v1.0.103","v1.0.104-alpha.0","v1.0.104-alpha.1","v1.0.105-alpha.0","v1.0.105-alpha.1","v1.0.105-alpha.10","v1.0.105-alpha.11","v1.0.105-alpha.12","v1.0.105-alpha.13","v1.0.105-alpha.14","v1.0.105-alpha.15","v1.0.105-alpha.16","v1.0.105-alpha.17","v1.0.105-alpha.18","v1.0.105-alpha.19","v1.0.105-alpha.2","v1.0.105-alpha.20","v1.0.105-alpha.21","v1.0.105-alpha.22","v1.0.105-alpha.23","v1.0.105-alpha.24","v1.0.105-alpha.25","v1.0.105-alpha.26","v1.0.105-alpha.27","v1.0.105-alpha.28","v1.0.105-alpha.29","v1.0.105-alpha.3","v1.0.105-alpha.30","v1.0.105-alpha.31","v1.0.105-alpha.33","v1.0.105-alpha.34","v1.0.105-alpha.35","v1.0.105-alpha.36","v1.0.105-alpha.37","v1.0.105-alpha.38","v1.0.105-alpha.39","v1.0.105-alpha.4","v1.0.105-alpha.40","v1.0.105-alpha.41","v1.0.105-alpha.42","v1.0.105-alpha.43","v1.0.105-alpha.44","v1.0.105-alpha.45","v1.0.105-alpha.5","v1.0.105-alpha.6","v1.0.105-alpha.7","v1.0.105-alpha.8","v1.0.105-alpha.9","v1.0.123-alpha.0","v1.0.123-alpha.1","v1.0.124-alpha.0","v1.0.126-alpha.0","v1.0.13-alpha.0","v1.0.13-alpha.1","v1.0.130-alpha.0","v1.0.130-alpha.1","v1.0.130-alpha.2","v1.0.130-alpha.3","v1.0.130-alpha.4","v1.0.130-alpha.5","v1.0.130-alpha.6","v1.0.130-alpha.7","v1.0.142-alpha.0","v1.0.142-alpha.1","v1.0.143-alpha.0","v1.0.143-alpha.1","v1.0.143-alpha.2","v1.0.148-alpha.0","v1.0.148-alpha.1","v1.0.15-alpha.1","v1.0.151-alpha.0","v1.0.151-alpha.1","v1.0.151-alpha.2","v1.0.155-alpha.0","v1.0.155-alpha.1","v1.0.155-alpha.2","v1.0.155-alpha.3","v1.0.159-alpha.0","v1.0.159-alpha.1","v1.0.159-alpha.2","v1.0.159-alpha.3","v1.0.164-alpha.0","v1.0.164-alpha.1","v1.0.164-alpha.2","v1.0.164-alpha.3","v1.0.164-alpha.4","v1.0.167-alpha.0","v1.0.167-alpha.1","v1.0.167-alpha.2","v1.0.167-alpha.3","v1.0.167-alpha.4","v1.0.167-alpha.5","v1.0.167-alpha.8","v1.0.167-alpha.9","v1.0.173-alpha.0","v1.0.176-alpha.0","v1.0.178-alpha.0","v1.0.185-alpha.0","v1.0.185-alpha.1","v1.0.185-alpha.2","v1.0.185-alpha.3","v1.0.185-alpha.5","v1.0.185-alpha.6","v1.0.185-alpha.7","v1.0.188-alpha.0","v1.0.188-alpha.1","v1.0.188-alpha.2","v1.0.19-alpha.1","v1.0.19-alpha.2","v1.0.19-alpha.3","v1.0.192-alpha.0","v1.0.192-alpha.1","v1.0.192-alpha.2","v1.0.192-alpha.3","v1.0.192-alpha.4","v1.0.192-alpha.5","v1.0.192-alpha.6","v1.0.192-alpha.7","v1.0.192-alpha.8","v1.0.192-alpha.9","v1.0.207-alpha.0","v1.0.207-alpha.1","v1.0.207-alpha.10","v1.0.207-alpha.3","v1.0.207-alpha.4","v1.0.207-alpha.5","v1.0.207-alpha.6","v1.0.207-alpha.7","v1.0.207-alpha.8","v1.0.207-alpha.9","v1.0.212-alpha.0","v1.0.212-alpha.1","v1.0.212-alpha.10","v1.0.212-alpha.11","v1.0.212-alpha.12","v1.0.212-alpha.13","v1.0.212-alpha.14","v1.0.212-alpha.15","v1.0.212-alpha.2","v1.0.212-alpha.3","v1.0.212-alpha.9","v1.0.219-alpha.0","v1.0.219-alpha.10","v1.0.219-alpha.11","v1.0.219-alpha.12","v1.0.219-alpha.13","v1.0.219-alpha.14","v1.0.219-alpha.15","v1.0.219-alpha.16","v1.0.219-alpha.17","v1.0.219-alpha.4","v1.0.219-alpha.5","v1.0.219-alpha.6","v1.0.219-alpha.7","v1.0.219-alpha.8","v1.0.219-alpha.9","v1.0.220","v1.0.220-alpha.0","v1.0.220-alpha.1","v1.0.220-alpha.2","v1.0.220-alpha.3","v1.0.221","v1.0.23-alpha.0","v1.0.23-alpha.1","v1.0.27-alpha.0","v1.0.27-alpha.1","v1.0.27-alpha.10","v1.0.27-alpha.11","v1.0.27-alpha.12","v1.0.27-alpha.13","v1.0.27-alpha.16","v1.0.27-alpha.17","v1.0.27-alpha.19","v1.0.27-alpha.20","v1.0.27-alpha.21","v1.0.27-alpha.22","v1.0.27-alpha.23","v1.0.27-alpha.24","v1.0.27-alpha.3","v1.0.27-alpha.4","v1.0.27-alpha.5","v1.0.27-alpha.6","v1.0.27-alpha.7","v1.0.27-alpha.8","v1.0.27-alpha.9","v1.0.3-alpha.0","v1.0.44-alpha.0","v1.0.44-alpha.1","v1.0.44-alpha.7","v1.0.44-alpha.8","v1.0.44-alpha.9","v1.0.46-alpha.0","v1.0.46-alpha.1","v1.0.46-alpha.2","v1.0.46-alpha.3","v1.0.46-alpha.4","v1.0.46-alpha.5","v1.0.46-alpha.6","v1.0.46-alpha.7","v1.0.46-alpha.8","v1.0.49-alpha.0","v1.0.49-alpha.1","v1.0.49-alpha.10","v1.0.49-alpha.11","v1.0.49-alpha.12","v1.0.49-alpha.13","v1.0.49-alpha.14","v1.0.49-alpha.15","v1.0.49-alpha.16","v1.0.49-alpha.2","v1.0.49-alpha.3","v1.0.49-alpha.4","v1.0.49-alpha.5","v1.0.49-alpha.6","v1.0.49-alpha.8","v1.0.49-alpha.9","v1.0.5-alpha.0","v1.0.5-alpha.1","v1.0.50-alpha.0","v1.0.50-alpha.1","v1.0.50-alpha.2","v1.0.50-alpha.3","v1.0.50-alpha.4","v1.0.50-alpha.5","v1.0.50-alpha.6","v1.0.50-alpha.7","v1.0.58-alpha.0","v1.0.58-alpha.1","v1.0.58-alpha.2","v1.0.58-alpha.3","v1.0.58-alpha.4","v1.0.58-alpha.5","v1.0.58-alpha.6","v1.0.58-alpha.7","v1.0.6-alpha.0","v1.0.6-alpha.1","v1.0.66-alpha.0","v1.0.72-alpha.0","v1.0.73-alpha.0","v1.0.74-alpha.0","v1.0.74-alpha.1","v1.0.74-alpha.2","v1.0.76-alpha.0","v1.0.76-alpha.1","v1.0.76-alpha.2","v1.0.76-alpha.3","v1.0.76-alpha.4","v1.0.76-alpha.5","v1.0.76-alpha.6","v1.0.79-alpha.0","v1.0.79-alpha.1","v1.0.79-alpha.10","v1.0.79-alpha.11","v1.0.79-alpha.2","v1.0.79-alpha.3","v1.0.79-alpha.4","v1.0.79-alpha.5","v1.0.79-alpha.6","v1.0.79-alpha.7","v1.0.79-alpha.8","v1.0.79-alpha.9","v1.0.8-alpha.0","v1.0.8-alpha.1","v1.0.8-alpha.2","v1.0.80-alpha.0","v1.0.80-alpha.1","v1.0.80-alpha.2","v1.0.80-alpha.3","v1.0.80-alpha.4","v1.0.80-alpha.5","v1.0.83","v1.0.84","v1.0.85","v1.0.87","v1.0.88","v1.0.89","v1.0.9-alpha.0","v1.0.9-alpha.1","v1.0.90","v1.0.91","v1.0.92","v1.0.93","v1.0.94","v1.0.96","v1.0.97","v1.0.98","v1.0.99","v1.1.0","v1.1.1","v1.1.10","v1.1.11","v1.1.12","v1.1.13","v1.1.14","v1.1.15","v1.1.16","v1.1.17","v1.1.18","v1.1.19","v1.1.2","v1.1.20","v1.1.21","v1.1.22","v1.1.23","v1.1.24","v1.1.25","v1.1.26","v1.1.27","v1.1.28","v1.1.29","v1.1.3","v1.1.30","v1.1.31","v1.1.32","v1.1.4","v1.1.5","v1.1.6","v1.1.7","v1.1.8","v1.1.9","v1.2.0","v1.2.1","v1.2.10","v1.2.11","v1.2.12","v1.2.13","v1.2.14","v1.2.15","v1.2.16","v1.2.17","v1.2.18","v1.2.19","v1.2.2","v1.2.20","v1.2.21","v1.2.22","v1.2.23","v1.2.24","v1.2.25","v1.2.26","v1.2.27","v1.2.28","v1.2.29","v1.2.3","v1.2.31","v1.2.32","v1.2.33","v1.2.34","v1.2.35","v1.2.36","v1.2.37","v1.2.38","v1.2.39","v1.2.4","v1.2.40","v1.2.41","v1.2.42","v1.2.43","v1.2.44","v1.2.45","v1.2.46","v1.2.47","v1.2.48","v1.2.49","v1.2.5","v1.2.50","v1.2.51","v1.2.52","v1.2.53","v1.2.54","v1.2.55","v1.2.56","v1.2.57","v1.2.58","v1.2.59","v1.2.6","v1.2.7","v1.2.8","v1.2.9","v1.3.0","v1.3.1","v1.3.10","v1.3.11","v1.3.12","v1.3.13","v1.3.14","v1.3.15","v1.3.16","v1.3.17","v1.3.18","v1.3.19","v1.3.2","v1.3.20","v1.3.21","v1.3.22","v1.3.3","v1.3.4","v1.3.5","v1.3.6","v1.3.7","v1.3.8","v1.3.9","v1.4.0","v1.4.1","v1.4.10","v1.4.11","v1.4.12","v1.4.13","v1.4.14","v1.4.15","v1.4.16","v1.4.17","v1.4.18","v1.4.19","v1.4.2","v1.4.3","v1.4.4","v1.4.5","v1.4.7","v1.4.8","v1.4.9","v2.0.0","v2.0.1","v2.0.10","v2.0.11","v2.0.12","v2.0.13","v2.0.14","v2.0.15","v2.0.16","v2.0.17","v2.0.18","v2.0.19","v2.0.2","v2.0.20","v2.0.21","v2.0.22","v2.0.23","v2.0.24","v2.0.25","v2.0.26","v2.0.27","v2.0.28","v2.0.29","v2.0.3","v2.0.30","v2.0.31","v2.0.32","v2.0.33","v2.0.34","v2.0.35","v2.0.36","v2.0.37","v2.0.38","v2.0.39","v2.0.4","v2.0.40","v2.0.5","v2.0.6","v2.0.7","v2.0.8","v2.0.9","v2.1.0","v2.1.10","v2.1.11","v2.1.12","v2.1.13","v2.1.14","v2.1.15","v2.1.16","v2.1.17","v2.1.18","v2.1.19","v2.1.2","v2.1.20","v2.1.21","v2.1.22","v2.1.23","v2.1.24","v2.1.25","v2.1.26","v2.1.27","v2.1.28","v2.1.29","v2.1.3","v2.1.30","v2.1.31","v2.1.32","v2.1.33","v2.1.34","v2.1.35","v2.1.36","v2.1.37","v2.1.38","v2.1.39","v2.1.4","v2.1.40","v2.1.41","v2.1.42","v2.1.43","v2.1.44","v2.1.45","v2.1.46","v2.1.5","v2.1.6","v2.1.7","v2.1.8","v2.1.9","v2.2.0","v2.2.1","v2.2.10","v2.2.11","v2.2.12","v2.2.13","v2.2.14","v2.2.15","v2.2.16","v2.2.17","v2.2.18","v2.2.19","v2.2.2","v2.2.20","v2.2.21","v2.2.22","v2.2.23","v2.2.24","v2.2.25","v2.2.26","v2.2.27","v2.2.3","v2.2.4","v2.2.5","v2.2.6","v2.2.7","v2.2.8","v2.2.9","v2.3.0","v2.3.1","v2.3.10","v2.3.11","v2.3.12","v2.3.13","v2.3.14","v2.3.15","v2.3.16","v2.3.17","v2.3.18","v2.3.19","v2.3.2","v2.3.21","v2.3.23","v2.3.24","v2.3.25","v2.3.3","v2.3.4","v2.3.5","v2.3.6","v2.3.7","v2.3.8","v2.3.9","v2.4.0","v2.4.1","v2.4.2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-29010.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}