fit2cloud-chenyw

2 exploits, active since Jun 2023
CVE-2023-32310 WRITEUP HIGH
DataEase < 1.18.7 - Authorization Bypass via Dashboard and Message Deletion API
DataEase is an open source data visualization and analysis tool. The DataEase API endpoints for deleting dashboards and deleting system messages are vulnerable to insecure direct object references (IDOR). This could allow a user to delete another user's dashboards or messages, or to interfere with the interface for marking messages as read. The vulnerability has been fixed in v1.18.7. There are no known workarounds aside from upgrading.
CVSS 8.1
CVE-2024-52295 WRITEUP CRITICAL
DataEase < 2.10.2 - Use of Hard-coded Credentials for JWT Forgery
DataEase is an open source data visualization and analysis tool. Prior to 2.10.2, DataEase allows attackers to forge a JWT and take over services. The JWT secret is hardcoded in the code, and the UID and OID are hardcoded. The vulnerability has been fixed in v2.10.2.
CVSS 9.8