DataEase is an open source data visualization analysis tool that helps users quickly analyze data and gain insights into business trends. In affected versions a the lack of signature verification of jwt tokens allows attackers to forge jwts which then allow access to any interface. The vulnerability has been fixed in v2.10.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS
No CVSS.
References
Configurations
No configuration.
History
21 Nov 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
08 Nov 2024, 17:35
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 0.0 |
07 Nov 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-11-07 18:15
Updated : 2024-11-21 17:15
NVD link : CVE-2024-47073
Mitre link : CVE-2024-47073
CVE.ORG link : CVE-2024-47073
JSON object : View
Products Affected
No product.
CWE
CWE-347
Improper Verification of Cryptographic Signature