← back
CVE-2024-30269

DataEase has database configuration information exposure vulnerability

CVSS 5.3 MEDIUMEPSS 16.0%CWE-200
DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. Visiting the `/de2api/engine/getEngine;.js` path via a browser reveals that the platform's database configuration is returned. The vulnerability has been fixed in v2.5.0. No known workarounds are available aside from upgrading.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected products
dataease · dataease
public PoCs found1
exploitdbwww.exploit-db.com/exploits/52128unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/dataease/dataease/releases/tag/v2.5.0https://github.com/dataease/dataease/security/advisories/GHSA-8gvx-4qvj-6vv5