CVE-2023-28437 - OpenCVE

Dataease is an open source data visualization and analysis tool. The blacklist for SQL injection protection is missing entries. This vulnerability has been fixed in version 1.18.5. There are no known workarounds.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Dataease	Dataease

Configuration 1 [-]

cpe:2.3:a:dataease:dataease:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/dataease/dataease/issues/4795	Exploit Issue Tracking Vendor Advisory
https://github.com/dataease/dataease/releases/tag/v1.18.5	Release Notes
https://github.com/dataease/dataease/security/advisories/GHSA-7j7j-9rw6-3r56	Exploit Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-03-24T23:43:15.992Z

Updated: 2023-03-24T23:43:15.992Z

Reserved: 2023-03-15T15:59:10.054Z

Link: CVE-2023-28437

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-03-25T00:15:08.243

Modified: 2023-03-30T19:27:58.343

Link: CVE-2023-28437

JSON object: View

Redhat Information

No data.

CWE

CWE-89

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dataease:dataease:*:*:*:*:*:*:*:*", "matchCriteriaId": "2A6525A4-9AFC-4166-83A7-7986DA122308", "versionEndExcluding": "1.18.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Dataease is an open source data visualization and analysis tool. The blacklist for SQL injection protection is missing entries. This vulnerability has been fixed in version 1.18.5. There are no known workarounds."}], "id": "CVE-2023-28437", "lastModified": "2023-03-30T19:27:58.343", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-03-25T00:15:08.243", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://github.com/dataease/dataease/issues/4795"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/dataease/dataease/releases/tag/v1.18.5"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/dataease/dataease/security/advisories/GHSA-7j7j-9rw6-3r56"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "security-advisories@github.com", "type": "Primary"}]}