CVE-2023-35168

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-35168

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-35168.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-35168

Related

GHSA-c2r2-68p6-73xv

Published

2023-06-26T21:15:09Z

Modified

2025-02-14T11:47:33.000448Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. Affected versions of DataEase has a privilege bypass vulnerability where ordinary users can gain access to the user database. Exposed information includes md5 hashes of passwords, username, email, and phone number. The vulnerability has been fixed in v1.18.8. Users are advised to upgrade. There are no known workarounds for the vulnerability.

References

https://github.com/dataease/dataease/security/advisories/GHSA-c2r2-68p6-73xv

Affected packages

Git / github.com/dataease/dataease

Affected ranges

Type: GIT
Repo: https://github.com/dataease/dataease
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

4de4f95cffc263b4317a0c543d073024af99378e

Affected versions

v1.*

v1.0.0

v1.0.0-rc1

v1.0.0-rc2

v1.11.0

v1.11.1

v1.18.0

v1.18.1

v1.18.2

v1.18.3

v1.18.4

v1.18.5

v1.18.6

v1.18.7

v1.2.0

v1.3.0

v1.5.0

v1.5.1

v1.5.2

v1.6.0

v1.8.0

v1.9.0