Lucene search

GitHub_MCVE-2024-30269

HistoryApr 08, 2024 - 3:15 p.m.

CVE-2024-30269

2024-04-0815:15:07

CWE-200

GitHub_M

web.nvd.nist.gov

dataease

open source

data visualization

analysis

vulnerability

database configuration

exposure

version 2.5.0

browser

platform

fixed

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

0.001

Percentile

22.2%

JSON

DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. Visiting the /de2api/engine/getEngine;.js path via a browser reveals that the platform’s database configuration is returned. The vulnerability has been fixed in v2.5.0. No known workarounds are available aside from upgrading.

Affected configurations

Vulners

Vulnrichment

Node

dataeasedataeaseRange<2.5.0

VendorProductVersionCPE
dataeasedataease*cpe:2.3:a:dataease:dataease:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dataease	dataease	*	cpe:2.3:a:dataease:dataease::::::::

CNA Affected

[
  {
    "vendor": "dataease",
    "product": "dataease",
    "versions": [
      {
        "version": "< 2.5.0",
        "status": "affected"
      }
    ]
  }
]

References

github.com/dataease/dataease/releases/tag/v2.5.0

github.com/dataease/dataease/security/advisories/GHSA-8gvx-4qvj-6vv5

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

0.001

Percentile

22.2%

JSON

Related for CVE-2024-30269