Get tailored security recommendations from our analyst team for CVE-2024-47073. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

DataEase is an open source data visualization analysis tool that helps users quickly analyze data and gain insights into business trends. In affected versions a the lack of signature verification of jwt tokens allows attackers to forge jwts which then allow access to any interface. The vulnerability has been fixed in v2.10.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Available Exploits

DataEase v2.10.2 - JWT Signature Verification Bypass

DataEase is an open source data visualization analysis tool that helps users quickly analyze data and gain insights into business trends. In affected versions, the lack of signature verification of JWT tokens allows attackers to forge JWTs, which then allow access to any interface. The vulnerability has been fixed in v2.10.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

ID: CVE-2024-47073

Author: iamnoooobpdresearch Critical

References:

https://nvd.nist.gov/vuln/detail/CVE-2024-47073

Related News

No news articles found for this CVE.

Affected Products

dataease

Affected Versions:

< 2.10.2

dataease

Affected Versions:

References

https://github.com/dataease/dataease/security/advisories/GHSA-5jr4-wrm2-xj36

Published: 2024-11-07T17:31:23.535Z

Last Modified: 2024-11-21T16:23:47.430Z

Copied to clipboard!

CVE-2024-47073

Expert Analysis

Description

Available Exploits

DataEase v2.10.2 - JWT Signature Verification Bypass

References:

Related News

Affected Products

dataease

Affected Versions:

dataease

Affected Versions:

References

Request Analysis

What to expect

Request Received!