CVE-2023-40183 - OpenCVE

DataEase is an open source data visualization and analysis tool. Prior to version 1.18.11, DataEase has a vulnerability that allows an attacker to to obtain user cookies. The program only uses the `ImageIO.read()` method to determine whether the file is an image file or not. There is no whitelisting restriction on file suffixes. This allows the attacker to synthesize the attack code into an image for uploading and change the file extension to html. The attacker may steal user cookies by accessing links. The vulnerability has been fixed in v1.18.11. There are no known workarounds.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Dataease	Dataease

Configuration 1 [-]

cpe:2.3:a:dataease:dataease:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/dataease/dataease/commit/826513053146721a2b3e09a9c9d3ea41f8f10569	Patch
https://github.com/dataease/dataease/releases/tag/v1.18.11	Release Notes
https://github.com/dataease/dataease/security/advisories/GHSA-w2r4-2r4w-fjxv	Exploit

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-09-21T14:21:49.833Z

Updated: 2023-09-21T14:21:49.833Z

Reserved: 2023-08-09T15:26:41.053Z

Link: CVE-2023-40183

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-09-21T15:15:10.197

Modified: 2023-09-26T14:59:41.697

Link: CVE-2023-40183

JSON object: View

Redhat Information

No data.

CWE

CWE-434

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-40183", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-08-09T15:26:41.053Z", "datePublished": "2023-09-21T14:21:49.833Z", "dateUpdated": "2023-09-21T14:21:49.833Z"}, "containers": {"cna": {"title": "DataEase has a vulnerability to obtain user cookies", "problemTypes": [{"descriptions": [{"cweId": "CWE-434", "lang": "en", "description": "CWE-434: Unrestricted Upload of File with Dangerous Type", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/dataease/dataease/security/advisories/GHSA-w2r4-2r4w-fjxv", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/dataease/dataease/security/advisories/GHSA-w2r4-2r4w-fjxv"}, {"name": "https://github.com/dataease/dataease/commit/826513053146721a2b3e09a9c9d3ea41f8f10569", "tags": ["x_refsource_MISC"], "url": "https://github.com/dataease/dataease/commit/826513053146721a2b3e09a9c9d3ea41f8f10569"}, {"name": "https://github.com/dataease/dataease/releases/tag/v1.18.11", "tags": ["x_refsource_MISC"], "url": "https://github.com/dataease/dataease/releases/tag/v1.18.11"}], "affected": [{"vendor": "dataease", "product": "dataease", "versions": [{"version": "< 1.18.11", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-09-21T14:21:49.833Z"}, "descriptions": [{"lang": "en", "value": "DataEase is an open source data visualization and analysis tool. Prior to version 1.18.11, DataEase has a vulnerability that allows an attacker to to obtain user cookies. The program only uses the `ImageIO.read()` method to determine whether the file is an image file or not. There is no whitelisting restriction on file suffixes. This allows the attacker to synthesize the attack code into an image for uploading and change the file extension to html. The attacker may steal user cookies by accessing links. The vulnerability has been fixed in v1.18.11. There are no known workarounds."}], "source": {"advisory": "GHSA-w2r4-2r4w-fjxv", "discovery": "UNKNOWN"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dataease:dataease:*:*:*:*:*:*:*:*", "matchCriteriaId": "663C4AF0-7E54-43AE-9B19-031662BCEA62", "versionEndExcluding": "1.18.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "DataEase is an open source data visualization and analysis tool. Prior to version 1.18.11, DataEase has a vulnerability that allows an attacker to to obtain user cookies. The program only uses the `ImageIO.read()` method to determine whether the file is an image file or not. There is no whitelisting restriction on file suffixes. This allows the attacker to synthesize the attack code into an image for uploading and change the file extension to html. The attacker may steal user cookies by accessing links. The vulnerability has been fixed in v1.18.11. There are no known workarounds."}, {"lang": "es", "value": "DataEase es una herramienta de an\u00e1lisis y visualizaci\u00f3n de datos de c\u00f3digo abierto. Antes de la versi\u00f3n 1.18.11, DataEase ten\u00eda una vulnerabilidad que permit\u00eda a un atacante obtener cookies de usuario. El programa s\u00f3lo utiliza el m\u00e9todo `ImageIO.read()` para determinar si el archivo es un archivo de imagen o no. No existe ninguna restricci\u00f3n de inclusi\u00f3n en la lista blanca de sufijos de archivos. Esto permite al atacante sintetizar el c\u00f3digo de ataque en una imagen para cargarla y cambiar la extensi\u00f3n del archivo a html. El atacante puede robar las cookies del usuario accediendo a enlaces. La vulnerabilidad se ha solucionado en v1.18.11. No se conocen workarounds."}], "id": "CVE-2023-40183", "lastModified": "2023-09-26T14:59:41.697", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-09-21T15:15:10.197", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/dataease/dataease/commit/826513053146721a2b3e09a9c9d3ea41f8f10569"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/dataease/dataease/releases/tag/v1.18.11"}, {"source": "security-advisories@github.com", "tags": ["Exploit"], "url": "https://github.com/dataease/dataease/security/advisories/GHSA-w2r4-2r4w-fjxv"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "security-advisories@github.com", "type": "Primary"}]}