CVE-2023-40183

{"id": "CVE-2023-40183", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2023-09-21T15:15:10.197", "references": [{"url": "https://github.com/dataease/dataease/commit/826513053146721a2b3e09a9c9d3ea41f8f10569", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/dataease/dataease/releases/tag/v1.18.11", "tags": ["Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/dataease/dataease/security/advisories/GHSA-w2r4-2r4w-fjxv", "tags": ["Exploit"], "source": "security-advisories@github.com"}, {"url": "https://github.com/dataease/dataease/commit/826513053146721a2b3e09a9c9d3ea41f8f10569", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/dataease/dataease/releases/tag/v1.18.11", "tags": ["Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/dataease/dataease/security/advisories/GHSA-w2r4-2r4w-fjxv", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "DataEase is an open source data visualization and analysis tool. Prior to version 1.18.11, DataEase has a vulnerability that allows an attacker to to obtain user cookies. The program only uses the `ImageIO.read()` method to determine whether the file is an image file or not. There is no whitelisting restriction on file suffixes. This allows the attacker to synthesize the attack code into an image for uploading and change the file extension to html. The attacker may steal user cookies by accessing links. The vulnerability has been fixed in v1.18.11. There are no known workarounds."}, {"lang": "es", "value": "DataEase es una herramienta de an\u00e1lisis y visualizaci\u00f3n de datos de c\u00f3digo abierto. Antes de la versi\u00f3n 1.18.11, DataEase ten\u00eda una vulnerabilidad que permit\u00eda a un atacante obtener cookies de usuario. El programa s\u00f3lo utiliza el m\u00e9todo `ImageIO.read()` para determinar si el archivo es un archivo de imagen o no. No existe ninguna restricci\u00f3n de inclusi\u00f3n en la lista blanca de sufijos de archivos. Esto permite al atacante sintetizar el c\u00f3digo de ataque en una imagen para cargarla y cambiar la extensi\u00f3n del archivo a html. El atacante puede robar las cookies del usuario accediendo a enlaces. La vulnerabilidad se ha solucionado en v1.18.11. No se conocen workarounds."}], "lastModified": "2024-11-21T08:18:57.110", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dataease:dataease:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "663C4AF0-7E54-43AE-9B19-031662BCEA62", "versionEndExcluding": "1.18.11"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}