CVE-2023-40183

DataEase is an open source data visualization and analysis tool. Prior to version 1.18.11, DataEase has a vulnerability that allows an attacker to to obtain user cookies. The program only uses the `ImageIO.read()` method to determine whether the file is an image file or not. There is no whitelisting restriction on file suffixes. This allows the attacker to synthesize the attack code into an image for uploading and change the file extension to html. The attacker may steal user cookies by accessing links. The vulnerability has been fixed in v1.18.11. There are no known workarounds.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/dataease/dataease/commit/826513053146721a2b3e09a9c9d3ea41f8f10569	Patch
https://github.com/dataease/dataease/releases/tag/v1.18.11	Release Notes
https://github.com/dataease/dataease/security/advisories/GHSA-w2r4-2r4w-fjxv	Exploit

Configurations

Configuration 1 (hide)

cpe:2.3:a:dataease:dataease:*:*:*:*:*:*:*:*

History

26 Sep 2023, 14:59

Type	Values Removed	Values Added
References	~~(MISC) https://github.com/dataease/dataease/security/advisories/GHSA-w2r4-2r4w-fjxv -~~	(MISC) https://github.com/dataease/dataease/security/advisories/GHSA-w2r4-2r4w-fjxv - Exploit
References	~~(MISC) https://github.com/dataease/dataease/releases/tag/v1.18.11 -~~	(MISC) https://github.com/dataease/dataease/releases/tag/v1.18.11 - Release Notes
References	~~(MISC) https://github.com/dataease/dataease/commit/826513053146721a2b3e09a9c9d3ea41f8f10569 -~~	(MISC) https://github.com/dataease/dataease/commit/826513053146721a2b3e09a9c9d3ea41f8f10569 - Patch
CPE		cpe:2.3:a:dataease:dataease::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.3
First Time		Dataease Dataease dataease

21 Sep 2023, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-09-21 15:15

Updated : 2024-02-28 20:33

NVD link : CVE-2023-40183

Mitre link : CVE-2023-40183

CVE.ORG link : CVE-2023-40183

JSON object : View

Products Affected

dataease

dataease

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2023-40183", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-09-21T15:15:10.197", "references": [{"url": "https://github.com/dataease/dataease/commit/826513053146721a2b3e09a9c9d3ea41f8f10569", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/dataease/dataease/releases/tag/v1.18.11", "tags": ["Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/dataease/dataease/security/advisories/GHSA-w2r4-2r4w-fjxv", "tags": ["Exploit"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "DataEase is an open source data visualization and analysis tool. Prior to version 1.18.11, DataEase has a vulnerability that allows an attacker to to obtain user cookies. The program only uses the `ImageIO.read()` method to determine whether the file is an image file or not. There is no whitelisting restriction on file suffixes. This allows the attacker to synthesize the attack code into an image for uploading and change the file extension to html. The attacker may steal user cookies by accessing links. The vulnerability has been fixed in v1.18.11. There are no known workarounds."}, {"lang": "es", "value": "DataEase es una herramienta de an\u00e1lisis y visualizaci\u00f3n de datos de c\u00f3digo abierto. Antes de la versi\u00f3n 1.18.11, DataEase ten\u00eda una vulnerabilidad que permit\u00eda a un atacante obtener cookies de usuario. El programa s\u00f3lo utiliza el m\u00e9todo `ImageIO.read()` para determinar si el archivo es un archivo de imagen o no. No existe ninguna restricci\u00f3n de inclusi\u00f3n en la lista blanca de sufijos de archivos. Esto permite al atacante sintetizar el c\u00f3digo de ataque en una imagen para cargarla y cambiar la extensi\u00f3n del archivo a html. El atacante puede robar las cookies del usuario accediendo a enlaces. La vulnerabilidad se ha solucionado en v1.18.11. No se conocen workarounds."}], "lastModified": "2023-09-26T14:59:41.697", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dataease:dataease:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "663C4AF0-7E54-43AE-9B19-031662BCEA62", "versionEndExcluding": "1.18.11"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}