Hbdxmz

**Name of the Vulnerable Software and Affected Versions** Cloud Explorer Lite versions prior to 1.4.0 **Description** The issue concerns sensitive information leakage in the user information acquisition of Cloud Explorer Lite. The vulnerability has been fixed in version 1.4.0. **Recommendations** For versions prior to 1.4.0, update to version 1.4.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** CloudExplorer Lite versions prior to 1.3.1 **Description** The issue concerns a command injection vulnerability in the installation function within the module management of CloudExplorer Lite, an open-source cloud management platform. This vulnerability has been fixed in version 1.3.1. There are no known workarounds aside from upgrading to the fixed version. **Recommendations** For versions prior to 1.3.1, upgrade to version 1.3.1 to resolve the issue. As a temporary workaround, consider restricting access to the module management installation function until the upgrade can be applied.

**Name of the Vulnerable Software and Affected Versions** MeterSphere versions prior to 2.10.4 LTS **Description** MeterSphere is an open-source continuous testing platform. Some interfaces of the Cloud version of MeterSphere do not have configuration permissions, and are sensitively leaked by attackers. **Recommendations** For versions prior to 2.10.4 LTS, update to version 2.10.4 LTS to resolve the issue. As a temporary workaround, consider restricting access to sensitive interfaces until the patch is applied.

**Name of the Vulnerable Software and Affected Versions** DataEase versions prior to 1.18.8 **Description** The issue allows ordinary users to bypass privileges and gain access to the user database, exposing sensitive information including md5 hashes of passwords, usernames, emails, and phone numbers. **Recommendations** For versions prior to 1.18.8, upgrade to version 1.18.8 to resolve the issue. At the moment, there are no known workarounds for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DataEase versions prior to 1.18.8 **Description** The issue allows unauthorized users to delete an application erroneously, which can lead to unintended data loss. This problem has been fixed in version 1.18.8. **Recommendations** For versions prior to 1.18.8, upgrade to version 1.18.8 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** DataEase versions prior to 1.18.8 **Description** The issue is related to a missing authorization check, allowing unauthorized users to manipulate a dashboard created by the administrator in an open source data visualization analysis tool. **Recommendations** For versions prior to 1.18.8, upgrade to version 1.18.8 to resolve the issue. As a temporary workaround, consider restricting access to dashboards created by administrators until the upgrade is applied.

**Name of the Vulnerable Software and Affected Versions** Dataease versions prior to 1.18.5 **Description** The issue concerns the file upload interface in Dataease, where permissions are not properly checked, allowing users who are not logged in to upload files directly to the background. Additionally, the file type is not checked, enabling users to upload any type of file. **Recommendations** For versions prior to 1.18.5, update to version 1.18.5 to resolve the issue. As a temporary workaround, consider restricting access to the file upload interface until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Dataease versions prior to 1.18.5 **Description** Dataease is an open source data visualization and analysis tool. The blacklist for SQL injection protection is missing entries. **Recommendations** For versions prior to 1.18.5, update to version 1.18.5 to resolve the issue.