Vulnerability Description
Dataease is an open source data visualization and analysis tool. The permissions for the file upload interface is not checked so users who are not logged in can upload directly to the background. The file type also goes unchecked, users could upload any type of file. These vulnerabilities has been fixed in version 1.18.5.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dataease | Dataease | < 1.18.5 |
Related Weaknesses (CWE)
References
- https://github.com/dataease/dataease/issues/4798ExploitIssue TrackingThird Party Advisory
- https://github.com/dataease/dataease/security/advisories/GHSA-625h-q3g9-rffcExploitVendor Advisory
- https://github.com/dataease/dataease/issues/4798ExploitIssue TrackingThird Party Advisory
- https://github.com/dataease/dataease/security/advisories/GHSA-625h-q3g9-rffcExploitVendor Advisory
FAQ
What is CVE-2023-28435?
CVE-2023-28435 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Dataease is an open source data visualization and analysis tool. The permissions for the file upload interface is not checked so users who are not logged in can upload directly to the background. The ...
How severe is CVE-2023-28435?
CVE-2023-28435 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-28435?
Check the references section above for vendor advisories and patch information. Affected products include: Dataease Dataease.