CVE-2022-39312— Dataease Mysql Data Source JDBC Connection Parameters Not Verified Leads to Deserialization Vulnerability

Dataease Mysql Data Source JDBC Connection Parameters Not Verified Leads to Deserialization Vulnerability

Dataease is an open source data visualization analysis tool. Dataease prior to 1.15.2 has a deserialization vulnerability. In Dataease, the Mysql data source in the data source function can customize the JDBC connection parameters and the Mysql server target to be connected. In `backend/src/main/java/io/dataease/provider/datasource/JdbcProvider.java`, the `MysqlConfiguration` class does not filter any parameters. If an attacker adds some parameters to a JDBC url and connects to a malicious mysql server, the attacker can trigger the mysql jdbc deserialization vulnerability. Through the deserialization vulnerability, the attacker can execute system commands and obtain server privileges. Version 1.15.2 contains a patch for this issue.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

输入验证不恰当

DataEase 代码问题漏洞

DataEase是一个开源的数据可视化分析工具。用于帮助用户快速分析数据并洞察业务趋势，从而实现业务的改进与优化。 DataEase 1.15.2之前版本存在安全漏洞，该漏洞源于存在反序列化漏洞，数据源函数中的Mysql数据源可以自定义JDBC连接参数和要连接的Mysql服务器目标，由于不过滤任何参数，如果攻击者在JDBC url中添加一些参数并连接到恶意的mysql服务器，可以触发mysql jdbc反序列化漏洞，进而可以执行系统命令并获取服务器权限。

N/A

N/A