Lucene search
+L

4 matches found

NVD
NVD
added 2025/01/10 4:15 p.m.24 views

CVE-2024-56511

DataEase is an open source data visualization analysis tool. Prior to 2.10.4, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which can be bypassed and cause the risk of unauthorized access. In the io.dataease.auth.filter.TokenFilter class,...

9.8CVSS0.20883EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/01/10 3:19 p.m.11 views

CVE-2024-56511 DataEase has an unauthorized vulnerability

DataEase is an open source data visualization analysis tool. Prior to 2.10.4, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which can be bypassed and cause the risk of unauthorized access. In the io.dataease.auth.filter.TokenFilter class,...

9.3CVSS6.8AI score0.20883EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/01/10 3:19 p.m.22 views

CVE-2024-56511 DataEase has an unauthorized vulnerability

DataEase is an open source data visualization analysis tool. Prior to 2.10.4, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which can be bypassed and cause the risk of unauthorized access. In the io.dataease.auth.filter.TokenFilter class,...

9.3CVSS0.20883EPSS
Exploits1References1
CVE
CVE
added 2025/01/10 3:19 p.m.77 views

CVE-2024-56511

DataEase CVE-2024-56511 affects DataEase prior to version 2.10.4. The root cause is a weakness in authentication in io.dataease.auth.filter.TokenFilter where request.getRequestURI is passed to WhitelistUtils.match to decide non-authenticated interfaces; the current whitelist filtering of semicolo...

9.8CVSS6.5AI score0.20883EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder