Vulnerability Report

CVE-2023-50974

Title: Appwrite Command Line Interface Cross-Site Scripting (XSS)

Cross-Site Scripting (XSS)

Proof Of Concept

No public PoC currently indexed for CVE-2023-50974.

CWE Category CWE-798
Published Date Jan 09, 2024
Modified Date Jun 17, 2025
Exploit Status Not Found
Score 5.5 CVSS v3.1
Exploit Probability (EPSS)
0.03%

Vulnerability Summary

CVE-2023-50974: In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a ~/.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials.

Impacted Vendors

A
appwrite 1
C
cloudfoundry 1

Reference Links

https://appwrite.io/docs/tooling/command-line/installation https://gist.github.com/SkypLabs/72ee00ecfa7d1a3494e2d69a24279c1d https://appwrite.io/docs/tooling/command-line/installation https://gist.github.com/SkypLabs/72ee00ecfa7d1a3494e2d69a24279c1d
CVSS v3.1
Source Entity [email protected]
Severity MEDIUM
5.5
Attack Vector
LOCAL
Complexity
LOW
Privileges
N/A
Interaction
NONE
Confidentiality
N/A
Integrity
N/A
Availability
N/A
Scope
UNCHANGED
RAW VECTOR CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS v3.1
Source Entity 134c704f-9b21-4f2e-91b3-4a467353bcc0
Severity MEDIUM
5.5
Attack Vector
LOCAL
Complexity
LOW
Privileges
N/A
Interaction
NONE
Confidentiality
N/A
Integrity
N/A
Availability
N/A
Scope
UNCHANGED
RAW VECTOR CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2023-50974 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

MODIFIED

Vulnerability data or affected products updated.

PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector LOCAL
Complexity LOW
Privileges N/A
Interaction NONE
CVSS Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Stack

No specific products linked.