Lucene search

GitHub_MCVELIST:CVE-2024-30269

HistoryApr 08, 2024 - 2:19 p.m.

CVE-2024-30269 DataEase has database configuration information exposure vulnerability

2024-04-0814:19:56

CWE-200

GitHub_M

www.cve.org

dataease

database configuration

exposure vulnerability

version 2.5.0 fix

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

22.2%

JSON

DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. Visiting the /de2api/engine/getEngine;.js path via a browser reveals that the platform’s database configuration is returned. The vulnerability has been fixed in v2.5.0. No known workarounds are available aside from upgrading.

CNA Affected

[
  {
    "vendor": "dataease",
    "product": "dataease",
    "versions": [
      {
        "version": "< 2.5.0",
        "status": "affected"
      }
    ]
  }
]

References

github.com/dataease/dataease/releases/tag/v2.5.0

github.com/dataease/dataease/security/advisories/GHSA-8gvx-4qvj-6vv5

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

22.2%

JSON

Related for CVELIST:CVE-2024-30269