cve-2023-40183
Vulnerability from cvelistv5
Published
2023-09-21 14:21
Modified
2024-09-24 18:17
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
DataEase is an open source data visualization and analysis tool. Prior to version 1.18.11, DataEase has a vulnerability that allows an attacker to to obtain user cookies. The program only uses the `ImageIO.read()` method to determine whether the file is an image file or not. There is no whitelisting restriction on file suffixes. This allows the attacker to synthesize the attack code into an image for uploading and change the file extension to html. The attacker may steal user cookies by accessing links. The vulnerability has been fixed in v1.18.11. There are no known workarounds.
References
security-advisories@github.comhttps://github.com/dataease/dataease/commit/826513053146721a2b3e09a9c9d3ea41f8f10569Patch
security-advisories@github.comhttps://github.com/dataease/dataease/releases/tag/v1.18.11Release Notes
security-advisories@github.comhttps://github.com/dataease/dataease/security/advisories/GHSA-w2r4-2r4w-fjxvExploit
af854a3a-2127-422b-91ae-364da2661108https://github.com/dataease/dataease/commit/826513053146721a2b3e09a9c9d3ea41f8f10569Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/dataease/dataease/releases/tag/v1.18.11Release Notes
af854a3a-2127-422b-91ae-364da2661108https://github.com/dataease/dataease/security/advisories/GHSA-w2r4-2r4w-fjxvExploit
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:24:55.642Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/dataease/dataease/security/advisories/GHSA-w2r4-2r4w-fjxv",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/dataease/dataease/security/advisories/GHSA-w2r4-2r4w-fjxv"
          },
          {
            "name": "https://github.com/dataease/dataease/commit/826513053146721a2b3e09a9c9d3ea41f8f10569",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/dataease/dataease/commit/826513053146721a2b3e09a9c9d3ea41f8f10569"
          },
          {
            "name": "https://github.com/dataease/dataease/releases/tag/v1.18.11",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/dataease/dataease/releases/tag/v1.18.11"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-40183",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-24T18:17:04.701831Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-24T18:17:15.144Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "dataease",
          "vendor": "dataease",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.18.11"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "DataEase is an open source data visualization and analysis tool. Prior to version 1.18.11, DataEase has a vulnerability that allows an attacker to to obtain user cookies. The program only uses the `ImageIO.read()` method to determine whether the file is an image file or not. There is no whitelisting restriction on file suffixes. This allows the attacker to synthesize the attack code into an image for uploading and change the file extension to html. The attacker may steal user cookies by accessing links. The vulnerability has been fixed in v1.18.11. There are no known workarounds."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-434",
              "description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-21T14:21:49.833Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/dataease/dataease/security/advisories/GHSA-w2r4-2r4w-fjxv",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/dataease/dataease/security/advisories/GHSA-w2r4-2r4w-fjxv"
        },
        {
          "name": "https://github.com/dataease/dataease/commit/826513053146721a2b3e09a9c9d3ea41f8f10569",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/dataease/dataease/commit/826513053146721a2b3e09a9c9d3ea41f8f10569"
        },
        {
          "name": "https://github.com/dataease/dataease/releases/tag/v1.18.11",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/dataease/dataease/releases/tag/v1.18.11"
        }
      ],
      "source": {
        "advisory": "GHSA-w2r4-2r4w-fjxv",
        "discovery": "UNKNOWN"
      },
      "title": "DataEase has a vulnerability to obtain user cookies"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-40183",
    "datePublished": "2023-09-21T14:21:49.833Z",
    "dateReserved": "2023-08-09T15:26:41.053Z",
    "dateUpdated": "2024-09-24T18:17:15.144Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-40183\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-09-21T15:15:10.197\",\"lastModified\":\"2024-11-21T08:18:57.110\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"DataEase is an open source data visualization and analysis tool. Prior to version 1.18.11, DataEase has a vulnerability that allows an attacker to to obtain user cookies. The program only uses the `ImageIO.read()` method to determine whether the file is an image file or not. There is no whitelisting restriction on file suffixes. This allows the attacker to synthesize the attack code into an image for uploading and change the file extension to html. The attacker may steal user cookies by accessing links. The vulnerability has been fixed in v1.18.11. There are no known workarounds.\"},{\"lang\":\"es\",\"value\":\"DataEase es una herramienta de an\u00e1lisis y visualizaci\u00f3n de datos de c\u00f3digo abierto. Antes de la versi\u00f3n 1.18.11, DataEase ten\u00eda una vulnerabilidad que permit\u00eda a un atacante obtener cookies de usuario. El programa s\u00f3lo utiliza el m\u00e9todo `ImageIO.read()` para determinar si el archivo es un archivo de imagen o no. No existe ninguna restricci\u00f3n de inclusi\u00f3n en la lista blanca de sufijos de archivos. Esto permite al atacante sintetizar el c\u00f3digo de ataque en una imagen para cargarla y cambiar la extensi\u00f3n del archivo a html. El atacante puede robar las cookies del usuario accediendo a enlaces. La vulnerabilidad se ha solucionado en v1.18.11. No se conocen workarounds.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-434\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dataease:dataease:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.18.11\",\"matchCriteriaId\":\"663C4AF0-7E54-43AE-9B19-031662BCEA62\"}]}]}],\"references\":[{\"url\":\"https://github.com/dataease/dataease/commit/826513053146721a2b3e09a9c9d3ea41f8f10569\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/dataease/dataease/releases/tag/v1.18.11\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/dataease/dataease/security/advisories/GHSA-w2r4-2r4w-fjxv\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\"]},{\"url\":\"https://github.com/dataease/dataease/commit/826513053146721a2b3e09a9c9d3ea41f8f10569\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/dataease/dataease/releases/tag/v1.18.11\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/dataease/dataease/security/advisories/GHSA-w2r4-2r4w-fjxv\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.