CVE-2024-52295

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-52295
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-52295.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-52295
Aliases
  • GHSA-45v9-gfcv-xcq6
Published
2024-11-13T16:15:19Z
Modified
2025-01-14T12:17:41.076414Z
Summary
[none]
Details

DataEase is an open source data visualization analysis tool. Prior to 2.10.2, DataEase allows attackers to forge jwt and take over services. The JWT secret is hardcoded in the code, and the UID and OID are hardcoded. The vulnerability has been fixed in v2.10.2.

References

Affected packages

Git / github.com/dataease/dataease

Affected ranges

Type
GIT
Repo
https://github.com/dataease/dataease
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v1.*

v1.0.0
v1.0.0-rc1
v1.0.0-rc2
v1.11.0
v1.11.1
v1.2.0
v1.3.0
v1.5.0
v1.5.1
v1.5.2
v1.6.0
v1.8.0
v1.9.0

v2.*

v2.2.0
v2.3.0
v2.4.0
v2.6.0
v2.9.0