Critical Authentication Bypass Vulnerability in DataEase Patched

Summary: The DataEase project has announced a critical vulnerability (CVE-2024-56511) in its open-source business intelligence tool, allowing unauthorized access to sensitive data due to improper URL filtering. Rated 9.3 on the CVSSv4 scale, this flaw affects versions ≤ 2.10.3 and can lead to significant data breaches. Users are urged to upgrade to version 2.10.4 to mitigate the risk.

Threat Actor: Unknown | unknown
Victim: DataEase | DataEase

Key points:

  • Critical vulnerability CVE-2024-56511 allows bypassing authentication mechanisms.
  • Improper URL filtering in the TokenFilter class is the root cause of the flaw.
  • Users are strongly advised to upgrade to version 2.10.4 to secure their systems.

Source: https://securityonline.info/cve-2024-56511-critical-authentication-bypass-vulnerability-in-dataease/