Summary: The DataEase project has announced a critical vulnerability (CVE-2024-56511) in its open-source business intelligence tool, allowing unauthorized access to sensitive data due to improper URL filtering. Rated 9.3 on the CVSSv4 scale, this flaw affects versions ≤ 2.10.3 and can lead to significant data breaches. Users are urged to upgrade to version 2.10.4 to mitigate the risk.
Threat Actor: Unknown | unknown
Victim: DataEase | DataEase
Key points:
- Critical vulnerability CVE-2024-56511 allows bypassing authentication mechanisms.
- Improper URL filtering in the TokenFilter class is the root cause of the flaw.
- Users are strongly advised to upgrade to version 2.10.4 to secure their systems.
Source: https://securityonline.info/cve-2024-56511-critical-authentication-bypass-vulnerability-in-dataease/