702 matches found
CVE-2023-35168 DataEase has a privilege bypass vulnerability
DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. Affected versions of DataEase has a privilege bypass vulnerability where ordinary users can gain access to the user database. Exposed information includes md5 hashes of passwords,...
PT-2023-24893 · Dataease · Dataease
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 1.18.8 Description: The issue allows unauthorized users to delete an application erroneously, which can lead to unintended data loss. This problem has been fixed in version 1.18.8. Recommendations: For versions prio...
PT-2023-25179 · Dataease · Dataease
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 1.18.8 Description: The issue allows ordinary users to bypass privileges and gain access to the user database, exposing sensitive information including md5 hashes of passwords, usernames, emails, and phone numbers...
DataEase 安全漏洞
DataEase is an open source data visualization and analysis tool. It is used to help users quickly analyze data and gain insight into business trends to achieve business improvement and optimization. A security vulnerability exists in DataEase versions prior to 1.18.8, which stems from a privilege...
DataEase 安全漏洞
DataEase is an open source data visualization and analysis tool. It is used to help users quickly analyze data and gain insight into business trends for business improvement and optimization. A security vulnerability exists in DataEase versions prior to 1.18.8, which stems from the possibility th...
DataEase 安全漏洞
DataEase is an open source data visualization and analysis tool. It is used to help users quickly analyze data and gain insights into business trends for business improvement and optimization. A security vulnerability exists in DataEase versions prior to 1.18.8 that stems from a lack of...
PT-2023-25175 · Dataease · Dataease
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 1.18.8 Description: The issue is related to a missing authorization check, allowing unauthorized users to manipulate a dashboard created by the administrator in an open source data visualization analysis tool...
io.dataease:dataease-plugin-datasource (>=1.10.0 <=1.18.6), io.dataease:dataease-plugin-interface (>=1.0 <=1.18.6) +1 more potentially affected by CVE-2023-32310 via io.dataease:dataease-plugin-common (>=1.0 <=1.18.6)
io.dataease:dataease-plugin-common MAVEN version =1.0, =1.10.0, =1.0, =1.10.0, =1.18.6 Source cves: CVE-2023-32310 Source advisory: OSV:GHSA-7HV6-GV38-78WJ...
DataEase API interface has IDOR vulnerability
Impact The api interface for DataEase delete dashboard and delete system messages is vulnerable to IDOR. The interface to delete the dashboard: 1. Create two users: user1 and user2 2. User1 creates a dashboard named pan1 3. User2 creates a dashboard named pan2 4. Both user1 and user2 share their...
GHSA-7HV6-GV38-78WJ DataEase API interface has IDOR vulnerability
Impact The api interface for DataEase delete dashboard and delete system messages is vulnerable to IDOR. The interface to delete the dashboard: 1. Create two users: user1 and user2 2. User1 creates a dashboard named pan1 3. User2 creates a dashboard named pan2 4. Both user1 and user2 share their...
CVE-2023-33963
DataEase is an open source data visualization and analysis tool. Prior to version 1.18.7, a deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The vulnerability has been fixed in v1.18.7. There are no known workarounds aside from...
CVE-2023-32310
DataEase is an open source data visualization and analysis tool. The API interface for DataEase delete dashboard and delete system messages is vulnerable to insecure direct object references IDOR. This could result in a user deleting another user's dashboard or messages or interfering with the...
Deserialization of untrusted data
DataEase is an open source data visualization and analysis tool. Prior to version 1.18.7, a deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The vulnerability has been fixed in v1.18.7. There are no known workarounds aside from...
CVE-2023-33963 DataEase data source has deserialization vulnerability
DataEase is an open source data visualization and analysis tool. Prior to version 1.18.7, a deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The vulnerability has been fixed in v1.18.7. There are no known workarounds aside from...
CVE-2023-33963 DataEase data source has deserialization vulnerability
DataEase is an open source data visualization and analysis tool. Prior to version 1.18.7, a deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The vulnerability has been fixed in v1.18.7. There are no known workarounds aside from...
CVE-2023-33963
DataEase (open source data visualization/analysis tool) contains a deserialization vulnerability in the DataEase datasource prior to version 1.18.7 that allows arbitrary code execution. The issue is fixed in v1.18.7; there are no known workarounds other than upgrading. CVSS metrics indicate a CRI...
CVE-2023-33963 DataEase data source has deserialization vulnerability
DataEase is an open source data visualization and analysis tool. Prior to version 1.18.7, a deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The vulnerability has been fixed in v1.18.7. There are no known workarounds aside from...
CVE-2023-32310 DataEase API interface has IDOR vulnerability
DataEase is an open source data visualization and analysis tool. The API interface for DataEase delete dashboard and delete system messages is vulnerable to insecure direct object references IDOR. This could result in a user deleting another user's dashboard or messages or interfering with the...
CVE-2023-32310 DataEase API interface has IDOR vulnerability
DataEase is an open source data visualization and analysis tool. The API interface for DataEase delete dashboard and delete system messages is vulnerable to insecure direct object references IDOR. This could result in a user deleting another user's dashboard or messages or interfering with the...
CVE-2023-32310
CVE-2023-32310 affects DataEase, where the API endpoints for deleting dashboards and deleting system messages are vulnerable to insecure direct object references (IDOR). The flaw could allow a user to delete another user’s dashboard or messages or interfere with marking messages read. Affected ve...