PT-2024-32390 · Dataease · Dataease
Flylzj · Published 2024-11-07 · Updated 2025-06-12 · CVE-2024-47073
CVSS v4.0: 9.3 Critical
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
DataEase versions prior to 2.10.2
Description
The issue is related to the lack of signature verification of JWT tokens, which allows attackers to forge JWT tokens and gain access to any interface. There are no known workarounds for this issue.
Recommendations
For versions prior to 2.10.2, upgrade to version 2.10.2 to fix the issue. As a temporary workaround, consider restricting access to interfaces that use JWT tokens until the upgrade is applied.
Exploit
Fix
Improper Verification of Cryptographic Signature
Weakness Enumeration
Related Identifiers
Affected Products
Dataease