CVE-2024-47073

CRITICAL NUCLEI

DataEase <2.10.2 - Auth Bypass

Title source: llm

Description

DataEase is an open source data visualization analysis tool that helps users quickly analyze data and gain insights into business trends. In affected versions a the lack of signature verification of jwt tokens allows attackers to forge jwts which then allow access to any interface. The vulnerability has been fixed in v2.10.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Nuclei Templates (1)

DataEase v2.10.2 - JWT Signature Verification Bypass

CRITICALVERIFIEDby iamnoooob,pdresearch

Shodan: http.html:"dataease"

FOFA: body="dataease"

References (1)

[Exploit, Vendor Advisory] https://github.com/dataease/dataease/security/advisories/GHSA-5jr4-wrm2-xj36

Scores

CVSS v3 9.1

EPSS 0.5611

EPSS Percentile 98.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE

CWE-347

Status published

Products (1)

dataease/dataease < 2.10.2

Published Nov 07, 2024

Tracked Since Feb 18, 2026