2 matches found
io.dataease:dataease-plugin-datasource (>=1.10.0 <=1.11.1), io.dataease:dataease-plugin-interface (>=1.0 <=1.11.1) +1 more potentially affected by CVE-2022-34112 via io.dataease:dataease-plugin-common (>=1.0 <=1.11.1)
io.dataease:dataease-plugin-common MAVEN version =1.0, =1.10.0, =1.0, =1.10.0, =1.11.1 Source cves: CVE-2022-34112 Source advisory: OSV:GHSA-C2PJ-RR68-PW94...
CVE-2022-34112
CVE-2022-34112 describes an access-control flaw in DataEase v1.11.1 where non-admin users can arbitrarily uninstall the plugin via /api/plugin/uninstall. The issue’s root cause is improper permission checks on the uninstall endpoint, enabling privilege escalation to perform a destructive action. ...