CVE-2024-30269

MEDIUM EXPLOITED NUCLEI

Dataease < 2.5.0 - Information Disclosure

Title source: rule

Description

DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. Visiting the `/de2api/engine/getEngine;.js` path via a browser reveals that the platform's database configuration is returned. The vulnerability has been fixed in v2.5.0. No known workarounds are available aside from upgrading.

Exploits (1)

exploitdb WORKING POC

by ByteHunter · pythonwebappsjava

https://www.exploit-db.com/exploits/52128

View Code ZIP pw:eip

Nuclei Templates (1)

DataEase <= 2.4.1 - Sensitive Information Exposure

MEDIUMVERIFIEDby s4e-io

Shodan: http.html:"dataease"

FOFA: body="dataease"

References (2)

[Release Notes] https://github.com/dataease/dataease/releases/tag/v2.5.0

[Vendor Advisory] https://github.com/dataease/dataease/security/advisories/GHSA-8gvx-4qvj-6vv5

Scores

CVSS v3 5.3

EPSS 0.9187

EPSS Percentile 99.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

VulnCheck KEV 2025-06-28

CWE

CWE-200

Status published

Products (1)

dataease/dataease < 2.5.0

Published Apr 08, 2024

Tracked Since Feb 18, 2026