exploitDog

CVE-2023-35164

Опубликовано: 26 июн. 2023

Источник: nvd

CVSS3: 6.3

CVSS3: 6.5

EPSS Низкий

Описание

DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. In affected versions a missing authorization check allows unauthorized users to manipulate a dashboard created by the administrator. This vulnerability has been fixed in version 1.18.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Ссылки

https://github.com/dataease/dataease/security/advisories/GHSA-grxm-fc3h-3qgj
Exploit
Vendor Advisory
https://github.com/dataease/dataease/security/advisories/GHSA-grxm-fc3h-3qgj
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dataease:dataease:*:*:*:*:*:*:*:*

Версия до 1.18.8 (исключая)

EPSS

Процентиль: 19%

0.00061

Низкий

6.3 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-862

EPSS

Процентиль: 19%

0.00061

Низкий

6.3 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-862