exploitDog

CVE-2024-47073

Опубликовано: 07 нояб. 2024

Источник: nvd

CVSS3: 9.1

EPSS Средний

Описание

DataEase is an open source data visualization analysis tool that helps users quickly analyze data and gain insights into business trends. In affected versions a the lack of signature verification of jwt tokens allows attackers to forge jwts which then allow access to any interface. The vulnerability has been fixed in v2.10.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Ссылки

https://github.com/dataease/dataease/security/advisories/GHSA-5jr4-wrm2-xj36
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dataease:dataease:*:*:*:*:*:*:*:*

Версия до 2.10.2 (исключая)

EPSS

Процентиль: 98%

0.49743

Средний

9.1 Critical

CVSS3

Дефекты

CWE-347

EPSS

Процентиль: 98%

0.49743

Средний

9.1 Critical

CVSS3

Дефекты

CWE-347