Vulnerability Details: CVE-2023-32310
DataEase is an open source data visualization and analysis tool. The DataEase API endpoints for deleting dashboards and deleting system messages are vulnerable to insecure direct object references (IDOR). This could allow a user to delete another user's dashboard or messages, or to interfere with the interface for marking messages read. The vulnerability has been fixed in v1.18.7. There are no known workarounds aside from upgrading.
Products affected by CVE-2023-32310
- cpe:2.3:a:dataease:dataease:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-32310
- EPSS score: 0.12% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~46% (the proportion of vulnerabilities scored at or below this level)
CVSS scores for CVE-2023-32310
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 2.8 | 5.2 | NIST | 
8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 2.8 | 5.2 | GitHub, Inc. | 
CWE ids for CVE-2023-32310
- The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
  Assigned by:
  - nvd@nist.gov (Primary)
  - security-advisories@github.com (Secondary)
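The description above and the CWE text both come down to one missing predicate: a delete handler that selects the row by the client-supplied id alone, without comparing the row's owner to the caller. The following is an added example, not DataEase code (DataEase itself is a Java project): the in-memory store, the user and dashboard names, and the two handler signatures are all constructed here to show the vulnerable pattern next to the hardened one. The same owner check applies to the message-delete and mark-as-read endpoints the advisory mentions.

```python
"""Illustrative IDOR check on a 'delete dashboard' style endpoint.

Added example, not DataEase code: the store, the user and dashboard names,
and the handler signatures are constructed here to show the authorization
pattern behind the CVE-2023-32310 class of bug.
"""
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised when the caller does not own the object they reference."""


class NotFound(Exception):
    """Raised when the referenced object does not exist."""


@dataclass
class Dashboard:
    dashboard_id: str
    owner_id: str
    name: str


@dataclass
class DashboardStore:
    # Constructed sample data: two users, each owning one dashboard.
    rows: dict = field(default_factory=lambda: {
        "d-100": Dashboard("d-100", "alice", "Sales Q1"),
        "d-200": Dashboard("d-200", "bob", "Ops overview"),
    })

    def delete_by_id_vulnerable(self, caller_id: str, dashboard_id: str) -> bool:
        """IDOR pattern: the row is selected by the client-supplied id only.

        caller_id is accepted but never compared with the row's owner, so any
        authenticated caller can delete any dashboard whose id they reference.
        """
        if dashboard_id not in self.rows:
            raise NotFound(dashboard_id)
        del self.rows[dashboard_id]
        return True

    def delete_by_id_hardened(self, caller_id: str, dashboard_id: str) -> bool:
        """Fixed pattern: the delete is scoped to (owner_id, dashboard_id).

        The ownership predicate is evaluated server-side against the stored
        row, never against anything the client sends.
        """
        row = self.rows.get(dashboard_id)
        if row is None:
            raise NotFound(dashboard_id)
        if row.owner_id != caller_id:
            # Many APIs return 404 here so that a non-owner cannot tell whether
            # the row exists; raising Forbidden keeps the example explicit.
            raise Forbidden(f"{caller_id} does not own {dashboard_id}")
        del self.rows[dashboard_id]
        return True


def demo() -> dict:
    """Call both handlers with a caller who is not the row's owner and report the outcome."""
    vulnerable = DashboardStore()
    hardened = DashboardStore()

    # The caller "bob" references a dashboard owned by "alice".
    vuln_deleted = vulnerable.delete_by_id_vulnerable("bob", "d-100")

    try:
        hardened.delete_by_id_hardened("bob", "d-100")
        hardened_refused = False
    except Forbidden:
        hardened_refused = True

    return {
        "vulnerable_deleted_other_users_row": vuln_deleted and "d-100" not in vulnerable.rows,
        "hardened_refused": hardened_refused,
        "hardened_row_still_present": "d-100" in hardened.rows,
    }


if __name__ == "__main__":
    print(demo())
```

The detection side follows from the same predicate: a delete request whose target row belongs to a different principal than the session is the event to alert on, and logging the (caller, owner, object id) triple at the authorization check makes that query trivial.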
References for CVE-2023-32310
- https://github.com/dataease/dataease/security/advisories/GHSA-7hv6-gv38-78wj
  "DataEase API interfaces exist idor vulnerability" (Advisory, dataease/dataease, GitHub). Tags: Exploit; Vendor Advisory
- https://github.com/dataease/dataease/commit/72f428e87b5395c03d2f94ef6185fc247ddbc8dc
  "feat(dashboard): delete/share IDOR vulnerability" (commit dataease/dataease@72f428e, GitHub). Tags: Patch
- https://github.com/dataease/dataease/pull/5342
  "feat(dashboard): delete/share IDOR vulnerability" by fit2cloudrd (Pull Request #5342, dataease/dataease, GitHub). Tags: Patch; Vendor Advisory
- https://github.com/dataease/dataease/releases/tag/v1.18.7
  "Release v1.18.7" (dataease/dataease, GitHub). Tags: Release Notes