CVE-2024-47073 — CRITICAL (9.1)

Q: How severe is CVE-2024-47073?

CVE-2024-47073 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2024-47073?

Check the references section above for vendor advisories and patch information. Affected products include: Dataease Dataease.

Vulnerability Description

DataEase is an open source data visualization analysis tool that helps users quickly analyze data and gain insights into business trends. In affected versions a the lack of signature verification of jwt tokens allows attackers to forge jwts which then allow access to any interface. The vulnerability has been fixed in v2.10.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Dataease	Dataease	< 2.10.2

Related Weaknesses (CWE)

CWE-347

References

https://github.com/dataease/dataease/security/advisories/GHSA-5jr4-wrm2-xj36ExploitVendor Advisory

FAQ

What is CVE-2024-47073?

CVE-2024-47073 is a vulnerability with a CVSS score of 9.1 (CRITICAL). DataEase is an open source data visualization analysis tool that helps users quickly analyze data and gain insights into business trends. In affected versions a the lack of signature verification of j...

How severe is CVE-2024-47073?

CVE-2024-47073 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2024-47073?

Check the references section above for vendor advisories and patch information. Affected products include: Dataease Dataease.