702 matches found
CVE-2024-55953 Dataease Mysql JDBC Connection Parameters Not Verified Leads to Deserialization and Arbitrary File Read Vulnerability
DataEase is an open source business analytics tool. Authenticated users can read and deserialize arbitrary files through the background JDBC connection. When constructing the JDBC connection string, the parameters are not filtered. This vulnerability has been fixed in v1.18.27. Users are advised ...
PT-2024-36616 · Dataease · Dataease
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to v1.18.27 Description: DataEase is an open source business analytics tool. Authenticated users can remotely execute code through the backend JDBC connection. When constructing the JDBC connection string, the paramete...
DataEase Input Validation Error Vulnerability
DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insight into business trends to achieve business improvement and optimization. DataEase versions prior to v1.18.27 have an input validation error...
DataEase SQL Injection Vulnerability
DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insight into business trends, so as to achieve business improvement and optimization. DataEase versions before v1.18.27 have a SQL injection vulnerabili...
CVE-2024-52295
DataEase is an open source data visualization analysis tool. Prior to 2.10.2, DataEase allows attackers to forge JWTs and take over services. The JWT secret is hardcoded in the code, and the UID and OID are hardcoded. The vulnerability has been fixed in v2.10.2...
CVE-2024-52295 DataEase has a forged JWT token vulnerability
DataEase is an open source data visualization analysis tool. Prior to 2.10.2, DataEase allows attackers to forge JWTs and take over services. The JWT secret is hardcoded in the code, and the UID and OID are hardcoded. The vulnerability has been fixed in v2.10.2...
CVE-2024-52295
What is affected: DataEase (open source data visualization/analysis tool). Vulnerability: Prior to version 2.10.2, DataEase allows forging of JWTs to take over services. The underlying issue is that the JWT secret is hardcoded, and the UID/OID are also hardcoded. Impact: High confidentiality, int...
DataEase Trust Management Issue Vulnerability
DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insight into business trends for business improvement and optimization. A trust management issue vulnerability exists in DataEase versions prior to...
PT-2024-35161 · Dataease · Dataease
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.2 Description: The issue allows attackers to forge JWT and take over services due to the JWT secret being hardcoded in the code. Additionally, the UID and OID are also hardcoded. This has been fixed in version...
CVE-2024-47073
DataEase is an open source data visualization analysis tool that helps users quickly analyze data and gain insights into business trends. In affected versions, the lack of signature verification of JWT tokens allows attackers to forge JWTs, which then allow access to any interface. The...
CVE-2024-47073 Dataease arbitrary interface access vulnerability
DataEase is an open source data visualization analysis tool that helps users quickly analyze data and gain insights into business trends. In affected versions, the lack of signature verification of JWT tokens allows attackers to forge JWTs, which then allow access to any interface. The...
CVE-2024-47073
DataEase v2.10.2 and earlier suffer from a missing JWT signature verification that lets an attacker forge tokens to access any interface. Multiple connected sources (including Nuclei template, Red Hat advisory, CVE listings) confirm the root cause as lack of signature verification and indicate th...
DataEase Data Forgery Issue Vulnerability
DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insight into business trends to achieve business improvement and optimization. DataEase versions before v2.10.2 have a data forgery issue vulnerability,...
PT-2024-32390 · Dataease · Dataease
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.2 Description: The issue is related to the lack of signature verification of JWT tokens, which allows attackers to forge JWT tokens and gain access to any interface. There are no known workarounds for this issu...
CVE-2024-47074
DataEase is an open source data visualization analysis tool. In Dataease, the PostgreSQL data source in the data source function can customize the JDBC connection parameters and the PG server target to be connected. In backend/src/main/java/io/dataease/provider/datasource/JdbcProvider.java,...
CVE-2024-47074 Dataease PostgreSQL Data Source JDBC Connection Parameters Not Verified Leads to Deserialization Vulnerability
DataEase is an open source data visualization analysis tool. In Dataease, the PostgreSQL data source in the data source function can customize the JDBC connection parameters and the PG server target to be connected. In backend/src/main/java/io/dataease/provider/datasource/JdbcProvider.java,...