
CVE-2024-52295

Nov. 21, 2024, 3:15 p.m.

Product(s) Impacted

DataEase

  • before 2.10.2

Description

DataEase is an open source data visualization and analysis tool. Prior to 2.10.2, DataEase allows attackers to forge JWTs and take over services. The JWT secret is hardcoded in the code, and the UID and OID are also hardcoded. The vulnerability has been fixed in v2.10.2.

Weaknesses

CWE-798
Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

CWE ID: 798

Date

Published: Nov. 13, 2024, 4:15 p.m.

Last Modified: Nov. 21, 2024, 3:15 p.m.

Status: Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

security-advisories@github.com
