关联漏洞
标题:DataEase 数据伪造问题漏洞 (CVE-2024-47073)Description:DataEase是DataEase开源的一个开源的数据可视化分析工具。用于帮助用户快速分析数据并洞察业务趋势,从而实现业务的改进与优化。 DataEase v2.10.2版本之前存在数据伪造问题漏洞,该漏洞源于jwt token签名验证缺失。攻击者利用该漏洞可以伪造jwts并允许访问任意接口。
Description
DataEase is an open source data visualization analysis tool that helps users quickly analyze data and gain insights into business trends. In affected versions, the lack of signature verification of JWT tokens allows attackers to forge JWTs, which then allow access to any interface. The vulnerability has been fixed in v2.10.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
文件快照
id: CVE-2024-47073
info:
name: DataEase v2.10.2 - JWT Signature Verification Bypass
author: iam
...
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。