CVE-2023-50974

MEDIUM

Appwrite CLI < 3.0.0 - Unprotected Credential Exposure via Prefs.json File

Title source: llm

Description

In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a ~/.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials.

References (2)

Core 2

Core References

Product

https://appwrite.io/docs/tooling/command-line/installation

Exploit, Third Party Advisory

https://gist.github.com/SkypLabs/72ee00ecfa7d1a3494e2d69a24279c1d

Scores

CVSS v3 5.5

EPSS 0.0003

EPSS Percentile 9.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-798

Status published

Products (3)

appwrite/command_line_interface < 3.0.0

npm/appwrite-cli 0 - 3.0.0npm

pypi/appwrite 0 - 3.0.0PyPI

Published Jan 09, 2024

Tracked Since Feb 18, 2026