Vulnerability Description
DataEase is an open source data visualization and analysis tool. The DataEase API endpoints for deleting dashboards and deleting system messages are vulnerable to insecure direct object references (IDOR). This could allow a user to delete another user's dashboard or messages, or to interfere with the interface for marking messages as read. The vulnerability has been fixed in v1.18.7. There are no known workarounds aside from upgrading.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dataease | Dataease | < 1.18.7 |
References
- https://github.com/dataease/dataease/commit/72f428e87b5395c03d2f94ef6185fc247ddb (Patch)
- https://github.com/dataease/dataease/pull/5342 (Patch, Vendor Advisory)
- https://github.com/dataease/dataease/releases/tag/v1.18.7 (Release Notes)
- https://github.com/dataease/dataease/security/advisories/GHSA-7hv6-gv38-78wj (Exploit, Vendor Advisory)
FAQ
What is CVE-2023-32310?
CVE-2023-32310 is a vulnerability with a CVSS score of 8.1 (HIGH). DataEase is an open source data visualization and analysis tool. The API interface for DataEase delete dashboard and delete system messages is vulnerable to insecure direct object references (IDOR). T...
How severe is CVE-2023-32310?
CVE-2023-32310 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-32310?
Check the references section above for vendor advisories and patch information. Affected products include: Dataease Dataease.