CVE-2024-31441

Exploit

EPSS 0.66%
Veröffentlicht 14.05.2024 15:25:18
Zuletzt bearbeitet 12.02.2025 17:49:35
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

DataEase is an open source data visualization analysis tool. Due to the lack of restrictions on the connection parameters for the ClickHouse data source, it is possible to exploit certain malicious parameters to achieve arbitrary file reading. The vulnerability has been fixed in v1.18.19.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dataease ≫ Dataease Version < 1.18.19

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.66%	0.704

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
security-advisories@github.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://github.com/dataease/dataease/security/advisories/GHSA-h7hj-7wg6-p5wh

Vendor Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-31441

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-31441

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-31441

EUVD