CVE-2024-52295
CRITICAL 9.8
Description
DataEase is an open source data visualization analysis tool. Prior to 2.10.2, DataEase allows attackers to forge JWTs and take over services. The JWT secret is hardcoded in the code, and the UID and OID are hardcoded. The vulnerability has been fixed in v2.10.2.
CVE details
CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 11/13/2024
Last modified: 2/20/2025
Source: nvd
Honeypot sightings: 0
Affected products
dataease:dataease
Weaknesses (CWE)
CWE-798
References
https://github.com/dataease/dataease/commit/e755248d59543bcd668ace495f293ff735fa82e9 (security-advisories@github.com)
https://github.com/dataease/dataease/security/advisories/GHSA-45v9-gfcv-xcq6 (security-advisories@github.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.