Anonymous Intelligence Signal

Appsmith Patches Critical Authorization Bypass in App Viewer Datasource Import Feature

human The Lab unverified 2026-04-26 18:54:07 Source: GitHub Issues

A critical authorization bypass vulnerability in Appsmith's App Viewer allowed datasource configurations to potentially leak through the import helper function, according to a recently disclosed GitHub Security Advisory (GHSA-93mf-9h52-gfxp). The flaw stemmed from `null` being passed as the permission argument, which effectively disabled access controls for workspace datasource queries.

The vulnerability resided in `DatasourceImportableServiceCEImpl.getEntitiesPresentInWorkspace()`, which called `getAllByWorkspaceIdWithStorages(workspaceId, null)`. Passing `null` as the ACL permission argument bypassed authorization checks entirely, potentially exposing sensitive datasource configurations to unauthorized users within the same workspace. The fix enforces `datasourcePermission.getReadPermission()` (READ_DATASOURCES), aligning the import helper with the standard datasource listing endpoint's security model. Developers also updated the constructors of both `DatasourceImportableServiceCEImpl` and `DatasourceImportableServiceImpl` to inject `DatasourcePermission`, with Spring auto-wiring the required bean.
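The null-permission pattern described above, as an added example that is not Appsmith's code: a simplified in-memory model in which a lookup treats `null` as "no ACL filter", next to a version that requires a permission. The class, method names, policy map and sample data are hypothetical, and the `requireNonNull` guard is an extra hardening step assumed here; the fix reported in the advisory is passing the read permission from the caller.

```java
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;

// Simplified model, NOT Appsmith source. Only READ_DATASOURCES and the
// "null permission" idea come from the advisory; all other names are hypothetical.
public class NullPermissionDemo {
    static final String READ_DATASOURCES = "read:datasources";

    record Datasource(String name, String workspaceId, Map<String, Set<String>> policies) {
        boolean permits(String permission, String user) {
            return policies.getOrDefault(permission, Set.of()).contains(user);
        }
    }

    // Constructed sample data: bob is a workspace member without read access to prod-db.
    static final List<Datasource> STORE = List.of(
        new Datasource("prod-db", "ws1", Map.of(READ_DATASOURCES, Set.of("alice"))),
        new Datasource("demo-api", "ws1", Map.of(READ_DATASOURCES, Set.of("alice", "bob"))));

    // Before: null is treated as "no ACL filter", so every datasource in the workspace is returned.
    static List<String> listNullTolerant(String workspaceId, String permission, String user) {
        return STORE.stream()
            .filter(d -> d.workspaceId().equals(workspaceId))
            .filter(d -> permission == null || d.permits(permission, user))
            .map(Datasource::name)
            .toList();
    }

    // After: a missing permission is a programming error, not a way to skip the check.
    static List<String> listEnforced(String workspaceId, String permission, String user) {
        Objects.requireNonNull(permission, "ACL permission must not be null");
        return STORE.stream()
            .filter(d -> d.workspaceId().equals(workspaceId))
            .filter(d -> d.permits(permission, user))
            .map(Datasource::name)
            .toList();
    }

    public static void main(String[] args) {
        System.out.println("null permission, bob: " + listNullTolerant("ws1", null, "bob"));
        System.out.println("READ_DATASOURCES, bob: " + listEnforced("ws1", READ_DATASOURCES, "bob"));
        try {
            listEnforced("ws1", null, "bob");
        } catch (NullPointerException e) {
            System.out.println("null rejected: " + e.getMessage());
        }
    }
}
```

Needs Java 16 or later for records and `Stream.toList()`.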

The Appsmith team added regression test coverage for this issue, implementing `should_enforceReadPermission_when_getEntitiesPresentInWorkspace_isCalled` to verify that READ_DATASOURCES permission is consistently applied and null is never used as a permission parameter. The vulnerability highlights a common pitfall in access control implementation where helper or utility functions inadvertently circumvent established authorization patterns. Organizations running affected Appsmith instances should verify their deployments have applied the security patch. The disclosure represents a typical pattern of authorization logic errors in collaborative low-code platforms where multiple services share workspace-scoped data.