Vulnerability Description
DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. Visiting the `/de2api/engine/getEngine;.js` path via a browser reveals that the platform's database configuration is returned. The vulnerability has been fixed in v2.5.0. No known workarounds are available aside from upgrading.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dataease | Dataease | < 2.5.0 |
Related Weaknesses (CWE)
References
- https://github.com/dataease/dataease/releases/tag/v2.5.0Release Notes
- https://github.com/dataease/dataease/security/advisories/GHSA-8gvx-4qvj-6vv5Vendor Advisory
- https://github.com/dataease/dataease/releases/tag/v2.5.0Release Notes
- https://github.com/dataease/dataease/security/advisories/GHSA-8gvx-4qvj-6vv5Vendor Advisory
FAQ
What is CVE-2024-30269?
CVE-2024-30269 is a vulnerability with a CVSS score of 5.3 (MEDIUM). DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. Visiting the `/de2api/engine/getEngine;.js` path ...
How severe is CVE-2024-30269?
CVE-2024-30269 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-30269?
Check the references section above for vendor advisories and patch information. Affected products include: Dataease Dataease.