CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Dataease: >> Dataease >> 1.18.27 Security Vulnerabilities

CVE-2024-30269

DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. Visiting the `/de2api/engine/getEngine;.js` path via a browser reveals that the platform's database configuration is returned. The vulnerability has been fixed in v2.5.0. No known workarounds are available aside from upgrading.

CVSS Score

5.3

EPSS Score

0.923

Published

2024-04-08

Page 3

Vulnerabilities

Vulnerable Software

Dataease: >> Dataease >> 1.18.27 Security Vulnerabilities

Products

Pricing

Contact Us