CVE-2023-35168— DataEase has a privilege bypass vulnerability

DataEase has a privilege bypass vulnerability

DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. Affected versions of DataEase has a privilege bypass vulnerability where ordinary users can gain access to the user database. Exposed information includes md5 hashes of passwords, username, email, and phone number. The vulnerability has been fixed in v1.18.8. Users are advised to upgrade. There are no known workarounds for the vulnerability.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

关键资源的不正确权限授予

DataEase 安全漏洞

DataEase是一个开源的数据可视化分析工具。用于帮助用户快速分析数据并洞察业务趋势，从而实现业务的改进与优化。 DataEase 1.18.8之前版本存在安全漏洞，该漏洞源于存在权限绕过漏洞，普通用户可以访问用户数据库。

N/A

N/A