exploitDog

CVE-2024-31441

Опубликовано: 14 мая 2024

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

DataEase is an open source data visualization analysis tool. Due to the lack of restrictions on the connection parameters for the ClickHouse data source, it is possible to exploit certain malicious parameters to achieve arbitrary file reading. The vulnerability has been fixed in v1.18.19.

Ссылки

https://github.com/dataease/dataease/security/advisories/GHSA-h7hj-7wg6-p5wh
Exploit
Vendor Advisory
https://github.com/dataease/dataease/security/advisories/GHSA-h7hj-7wg6-p5wh
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dataease:dataease:*:*:*:*:*:*:*:*

Версия до 1.18.19 (исключая)

EPSS

Процентиль: 71%

0.00662

Низкий

7.5 High

CVSS3

Дефекты

CWE-863

CWE-863

EPSS

Процентиль: 71%

0.00662

Низкий

7.5 High

CVSS3

Дефекты

CWE-863

CWE-863