
316 matches found

Prion
added 2023/06/26 10:15 p.m., 16 views

Authorization

DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. In affected versions a missing authorization check allows unauthorized users to manipulate a dashboard created by the administrator. This vulnerability has been fixed in version...

4 CVSS, 6.5 AI score, 0.00082 EPSS
Exploits 1, References 1, Affected Software 1
Cvelist
added 2023/06/26 9:17 p.m., 18 views

CVE-2023-35164 Unauthorized users can manipulate a dashboard created by an administrator in DataEase

DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. In affected versions a missing authorization check allows unauthorized users to manipulate a dashboard created by the administrator. This vulnerability has been fixed in version...

6.3 CVSS, 6.7 AI score, 0.00082 EPSS
Exploits 1, References 1
NVD
added 2023/06/26 9:15 p.m., 13 views

CVE-2023-34463

DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. In affected versions, unauthorized users can delete an application erroneously. This vulnerability has been fixed in version 1.18.8. Users are advised to upgrade. There are no known...

8.1 CVSS, 8.2 AI score, 0.00179 EPSS
Exploits 1, References 1
Prion
added 2023/06/26 9:15 p.m., 16 views

Design/Logic Flaw

DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. In affected versions, unauthorized users can delete an application erroneously. This vulnerability has been fixed in version 1.18.8. Users are advised to upgrade. There are no known...

5.5 CVSS, 8.1 AI score, 0.00179 EPSS
Exploits 1, References 1, Affected Software 1
CVE
added 2023/06/26 8:29 p.m., 38 views

CVE-2023-34463

DataEase contains a vulnerability (CVE-2023-34463) where unauthorized users can delete an application. Affected product: DataEase, with fixes implemented in version 1.18.8. Public references in multiple sources confirm the issue and upgrade as the advised remediation. Impact details describe unau...

8.1 CVSS, 8.2 AI score, 0.00179 EPSS
Exploits 1, References 1, Affected Software 1
OSV
added 2023/06/26 8:29 p.m., 17 views

CVE-2023-34463 Unauthorized users can delete applications in DataEase

DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. In affected versions, unauthorized users can delete an application erroneously. This vulnerability has been fixed in version 1.18.8. Users are advised to upgrade. There are no known...

8.1 CVSS, 7.9 AI score, 0.00179 EPSS
Exploits 1, References 3
CVE
added 2023/06/26 8:11 p.m., 44 views

CVE-2023-35168

DataEase (open source data visualization tool) has a privilege bypass vulnerability in affected versions prior to 1.18.8, allowing ordinary users to access the user database and exfiltrate fields such as password MD5 hashes, usernames, emails, and phone numbers. The fixed version is 1.18.8; upgra...

6.5 CVSS, 6.6 AI score, 0.00074 EPSS
Exploits 1, References 1, Affected Software 1
CNNVD
added 2023/06/26 12:0 a.m., 2 views

DataEase security vulnerability

DataEase is an open source data visualization and analysis tool. It is used to help users quickly analyze data and gain insight into business trends for business improvement and optimization. A security vulnerability exists in DataEase versions prior to 1.18.8, which stems from the possibility th...

8.1 CVSS, 7.6 AI score, 0.00179 EPSS
Exploits 1, References 2
CNNVD
added 2023/06/26 12:0 a.m., 3 views

DataEase security vulnerability

DataEase is an open source data visualization and analysis tool. It is used to help users quickly analyze data and gain insights into business trends for business improvement and optimization. A security vulnerability exists in DataEase versions prior to 1.18.8 that stems from a lack of...

6.5 CVSS, 6.4 AI score, 0.00082 EPSS
Exploits 1, References 2
NVD
added 2023/06/01 4:15 p.m., 14 views

CVE-2023-33963

DataEase is an open source data visualization and analysis tool. Prior to version 1.18.7, a deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The vulnerability has been fixed in v1.18.7. There are no known workarounds aside from...

9.8 CVSS, 9.8 AI score, 0.03486 EPSS
Exploits 1, References 2
Prion
added 2023/06/01 4:15 p.m., 22 views

Design/Logic Flaw

DataEase is an open source data visualization and analysis tool. The API interface for DataEase delete dashboard and delete system messages is vulnerable to insecure direct object references (IDOR). This could result in a user deleting another user's dashboard or messages or interfering with the...

5.5 CVSS, 7.9 AI score, 0.00443 EPSS
Exploits 1, References 4, Affected Software 1
OSV
added 2023/06/01 3:5 p.m., 17 views

CVE-2023-32310 DataEase API interface has IDOR vulnerability

DataEase is an open source data visualization and analysis tool. The API interface for DataEase delete dashboard and delete system messages is vulnerable to insecure direct object references (IDOR). This could result in a user deleting another user's dashboard or messages or interfering with the...

8.1 CVSS, 7.7 AI score, 0.00443 EPSS
Exploits 1, References 6
CNNVD
added 2023/05/17 12:0 a.m., 2 views

Davinci security vulnerability

Davinci is an edp open source DVsaaS data visualization service platform. A security vulnerability exists in Davinci version 0.3.0-rc, which originates from the fact that a user can connect to a malicious MySQL server via a controlled data source and read arbitrary files on the client side...

6.5 CVSS, 6.6 AI score, 0.00228 EPSS
Exploits 1, References 2
Tenable Nessus
added 2023/05/16 12:0 a.m., 36 views

CentOS 8 : grafana (CESA-2023:2784)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2023:2784 advisory. - In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closin...

7.5 CVSS, 7 AI score, 0.00098 EPSS
Exploits 1, References 5
CNNVD
added 2023/05/16 12:0 a.m., 1 views

Davinci code issue vulnerability

Davinci is an edp open source DVsaaS data visualization service platform. A security vulnerability exists in Davinci version 0.3.0-rc, which stems from vulnerability to server-side request forgery (SSRF) attacks...

8.8 CVSS, 7.9 AI score, 0.00237 EPSS
Exploits 0, References 3
Tenable Nessus
added 2023/05/15 12:0 a.m., 36 views

Oracle Linux 9 : grafana (ELSA-2023-2167)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-2167 advisory. - resolve CVE-2022-39229 grafana: Using email as a username can prevent other users from signing in - resolve CVE-2022-2880 CVE-2022-41715 grafana:...

7.5 CVSS, 7.2 AI score, 0.00881 EPSS
Exploits 1, References 6
The Hacker News
added 2023/04/26 9:29 a.m., 63 views

Apache Superset Vulnerability: Insecure Default Configuration Exposes Servers to RCE Attacks

The maintainers of the Apache Superset open source data visualization software have released fixes to plug an insecure default configuration that could lead to remote code execution. The vulnerability, tracked as CVE-2023-27524 (CVSS score: 8.9), impacts versions up to and including 2.0.1 and relat...

6.7 AI score, 0.84026 EPSS
Exploits 20
BDU FSTEC
added 2023/03/29 12:0 a.m., 1 views

The vulnerability of the Grafana data visualization web tool, related to insufficient cleaning of user data, allows attackers to execute cross-site scripting (XSS) attacks.

The vulnerability of the Grafana data visualization web tool is related to insufficient cleaning of user data. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting (XSS) attacks remotely...

6.6 CVSS, 0.60579 EPSS
Exploits 0, References 3, Affected Software 2
NVD
added 2023/03/28 9:15 p.m., 19 views

CVE-2023-28637

DataEase is an open source data visualization analysis tool. In DataEase, users are normally allowed to modify data and the data sources are expected to properly sanitize data. The AWS Redshift data source does not provide data sanitization, which may lead to remote code execution. This vulnerabili...

8.8 CVSS, 8.3 AI score, 0.01804 EPSS
Exploits 1, References 1
Prion
added 2023/03/28 9:15 p.m., 17 views

Remote code execution

DataEase is an open source data visualization analysis tool. In DataEase, users are normally allowed to modify data and the data sources are expected to properly sanitize data. The AWS Redshift data source does not provide data sanitization, which may lead to remote code execution. This vulnerabili...

6.5 CVSS, 8.8 AI score, 0.01804 EPSS
Exploits 1, References 1, Affected Software 1