Описание
Dataease before 1.11.2 access control issue allows attackers to arbitrarily uninstall plugin
An access control issue in the component /api/plugin/uninstall Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator. Version 1.11.2 contains a patch for this issue.
Пакеты
Наименование
io.dataease:dataease-plugin-common
maven
Затронутые версииВерсия исправления
<= 1.11.1
1.11.2
Связанные уязвимости
CVSS3: 6.5
nvd
больше 3 лет назад
An access control issue in the component /api/plugin/uninstall Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator.