CVE-2024-52295
Nov. 21, 2024, 3:15 p.m.
Tags
Product(s) Impacted
DataEase
- before 2.10.2
Description
DataEase is an open source data visualization analysis tool. Prior to 2.10.2, DataEase allows attackers to forge jwt and take over services. The JWT secret is hardcoded in the code, and the UID and OID are hardcoded. The vulnerability has been fixed in v2.10.2.
Weaknesses
CWE-798
Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
CWE ID: 798Date
Published: Nov. 13, 2024, 4:15 p.m.
Last Modified: Nov. 21, 2024, 3:15 p.m.
Status : Awaiting Analysis
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
More infoSource
security-advisories@github.com