Dataease is an open source data visualization and analysis tool. The permissions for the file upload interface is not checked so users who are not logged in can upload directly to the background. The file type also goes unchecked, users could upload any type of file. These vulnerabilities has been fixed in version 1.18.5.
References
| Link | Resource |
|---|---|
| https://github.com/dataease/dataease/issues/4798 | Exploit Issue Tracking Third Party Advisory |
| https://github.com/dataease/dataease/security/advisories/GHSA-625h-q3g9-rffc | Exploit Vendor Advisory |
Configurations
History
07 Nov 2023, 04:10
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | Dataease is an open source data visualization and analysis tool. The permissions for the file upload interface is not checked so users who are not logged in can upload directly to the background. The file type also goes unchecked, users could upload any type of file. These vulnerabilities has been fixed in version 1.18.5. |
31 Mar 2023, 14:28
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
| References | (MISC) https://github.com/dataease/dataease/issues/4798 - Exploit, Issue Tracking, Third Party Advisory | |
| References | (MISC) https://github.com/dataease/dataease/security/advisories/GHSA-625h-q3g9-rffc - Exploit, Vendor Advisory | |
| CPE | cpe:2.3:a:dataease:dataease:*:*:*:*:*:*:*:* | |
| First Time |
Dataease dataease
Dataease |
24 Mar 2023, 21:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-03-24 21:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-28435
Mitre link : CVE-2023-28435
CVE.ORG link : CVE-2023-28435
JSON object : View
Products Affected
dataease
- dataease
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')