CVE-2024-52295

Sažetak

DataEase is an open source data visualization analysis tool. Prior to 2.10.2, DataEase allows attackers to forge jwt and take over services. The JWT secret is hardcoded in the code, and the UID and OID are hardcoded. The vulnerability has been fixed in v2.10.2.

Reference

https://github.com/dataease/dataease/commit/e755248d59543bcd668ace495f293ff735fa82e9
https://github.com/dataease/dataease/security/advisories/GHSA-45v9-gfcv-xcq6

CVSS

Base:	0.0
Impact:	0.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Zadnje važnije ažuriranje

13-11-2024 - 19:35

Objavljeno

13-11-2024 - 16:15