QwikSec

Security Database

CVE

CWE

Training

CVE-2024-52295

Published: Nov 13, 2024

Modified: Nov 21, 2024

PUBLISHED

Description

DataEase is an open source data visualization analysis tool. Prior to 2.10.2, DataEase allows attackers to forge jwt and take over services. The JWT secret is hardcoded in the code, and the UID and OID are hardcoded. The vulnerability has been fixed in v2.10.2.

Vendor	Product	Versions
dataease	dataease	affected `< 2.10.2`

Weaknesses (CWE)

References

https://github.com/dataease/dataease/security/advisories/GHSA-45v9-gfcv-xcq6

x_refsource_CONFIRM

https://github.com/dataease/dataease/commit/e755248d59543bcd668ace495f293ff735fa82e9

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.