CVE-2024-56511

Jan. 10, 2025, 4:15 p.m.

None
No Score

Description

DataEase is an open source data visualization analysis tool. Prior to 2.10.4, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which can be bypassed and cause the risk of unauthorized access. In the io.dataease.auth.filter.TokenFilter class, ”request.getRequestURI“ is used to obtain the request URL, and it is passed to the "WhitelistUtils.match" method to determine whether the URL request is an interface that does not require authentication. The "match" method filters semicolons, but this is not enough. When users set "server.servlet.context-path" when deploying products, there is still a risk of being bypassed, which can be bypassed by any whitelist prefix /geo/../context-path/. The vulnerability has been fixed in v2.10.4.

Product(s) Impacted

Product Versions
DataEase
  • before 2.10.4

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-289
Authentication Bypass by Alternate Name
The product performs authentication based on the name of a resource being accessed, or the name of the actor performing the access, but it does not properly check all possible names for that resource or actor.

References

https://github.com/dataease/dataease/security/advisories/GHSA-9f69-p73j-m73x

Tags

security-advisories@github.com
2025-01-10
CVE-2024-56511
CWE-289

Timeline

Published: Jan. 10, 2025, 4:15 p.m.
Last Modified: Jan. 10, 2025, 4:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security-advisories@github.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.