Описание
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which may cause the risk of unauthorized access. The vulnerability has been fixed in v2.10.6. No known workarounds are available.
Ссылки
- ExploitVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.10.6 (исключая)
cpe:2.3:a:dataease:dataease:*:*:*:*:*:*:*:*
EPSS
Процентиль: 46%
0.0023
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-287
CWE-863
EPSS
Процентиль: 46%
0.0023
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-287
CWE-863