Unauthorized users can manipulate a dashboard created by an administrator in DataEase
CVE-2023-35164

6.3MEDIUM

Key Information:

Vendor

Dataease

Status
Dataease
Vendor
CVE Published:
26 June 2023

What is CVE-2023-35164?

DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. In affected versions a missing authorization check allows unauthorized users to manipulate a dashboard created by the administrator. This vulnerability has been fixed in version 1.18.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected Version(s)

dataease < 1.18.8

References

https://github.com/dataease/dataease/security/advisories/...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.