PT-2022-22010 · Dataease · Dataease

Ryze-Top

Published

2022-07-22

Updated

2025-09-24

CVE-2022-34112

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Dataease version 1.11.1

Description An access control issue in the component "/api/plugin/uninstall" allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator.

Recommendations For Dataease version 1.11.1, update to version 1.11.2 to resolve the issue. As a temporary workaround, consider restricting access to the "/api/plugin/uninstall" endpoint until the patch is applied.

Exploit

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2022-34112

GHSA-C2PJ-RR68-PW94

Affected Products

Dataease

PT-2022-22010 · Dataease · Dataease

CVE-2022-34112

Weakness Enumeration

Related Identifiers

Affected Products

References · 10