Описание
DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. Visiting the /de2api/engine/getEngine;.js path via a browser reveals that the platform's database configuration is returned. The vulnerability has been fixed in v2.5.0. No known workarounds are available aside from upgrading.
Ссылки
- Release Notes
- Vendor Advisory
- Release Notes
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.5.0 (исключая)
cpe:2.3:a:dataease:dataease:*:*:*:*:*:*:*:*
EPSS
Процентиль: 100%
0.92096
Критический
5.3 Medium
CVSS3
Дефекты
CWE-200
NVD-CWE-noinfo
EPSS
Процентиль: 100%
0.92096
Критический
5.3 Medium
CVSS3
Дефекты
CWE-200
NVD-CWE-noinfo