Summary: The DataEase project has announced a critical vulnerability (CVE-2024-56511) in its open-source business intelligence tool, allowing unauthorized access to sensitive data due to improper URL filtering. Rated 9.3 on the CVSSv4 scale, this flaw affects versions ≤ 2.10.3 and can lead to significant data breaches. Users are urged to upgrade to version 2.10.4 to mitigate the risk.
Threat Actor: Unknown | unknown
Victim: DataEase | DataEase
Key points:
- Critical vulnerability CVE-2024-56511 allows bypassing authentication mechanisms.
- Improper URL filtering in the TokenFilter class is the root cause of the flaw.
- Users are strongly advised to upgrade to version 2.10.4 to secure their systems.
Source: https://securityonline.info/cve-2024-56511-critical-authentication-bypass-vulnerability-in-dataease/