Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS03aHY2LWd2MzgtNzh3as4AAzl_
DataEase API interface has IDOR vulnerability
Impact
The DataEase API interfaces for deleting dashboard shares and deleting system messages are vulnerable to IDOR (insecure direct object reference): the object ID supplied in the request is acted on without checking that it belongs to the authenticated user.
The interface to delete the dashboard:
- Create two users: user1 and user2
- User1 creates a dashboard named pan1
- User2 creates a dashboard named pan2
- Both user1 and user2 share their dashboards with the demo user
- User1 wants to delete his dashboard share. We intercept the request with Burp Suite; it looks roughly like this: POST /api/share/removePanelShares/440efa7f-efd8-11ed-bec7-1144724bc08c HTTP/1.1, where 440efa7f-efd8-11ed-bec7-1144724bc08c is the ID of pan1
- We replace this ID with the ID of pan2 and forward the request (i.e. we delete another user's shares)
- The shared link is removed successfully
The interface to delete system messages:
- Our request to delete a message is shown below
- All messages can be deleted by simply enumerating the message ID, regardless of whether the message belongs to the requester
- The interface for marking messages as read is affected in the same way
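The following is an added example, not DataEase's code: a small in-memory model of the two endpoints described above, showing the missing ownership check beside a hardened version. Object names and the ID of pan2 are constructed; only the pan1 ID comes from the report.

```python
from dataclasses import dataclass, field

class Forbidden(Exception):
    """Caller is not the owner of the referenced object (serve as 403/404)."""

@dataclass
class Panel:
    panel_id: str
    owner: str
    shared_with: set = field(default_factory=set)

@dataclass
class Message:
    msg_id: int
    recipient: str

class ShareService:
    def __init__(self, panels, messages):
        self.panels = {p.panel_id: p for p in panels}
        self.messages = {m.msg_id: m for m in messages}

    def remove_panel_shares_vulnerable(self, caller, panel_id):
        # Mirrors the flaw: the ID from the URL path is trusted and the
        # authenticated caller is never compared with the panel's owner.
        self.panels[panel_id].shared_with.clear()

    def remove_panel_shares(self, caller, panel_id):
        # Hardened: resolve the object, then check ownership before mutating.
        # Missing and foreign panels get the same error so IDs cannot be probed.
        panel = self.panels.get(panel_id)
        if panel is None or panel.owner != caller:
            raise Forbidden(f"{caller} may not modify panel {panel_id}")
        panel.shared_with.clear()

    def delete_message(self, caller, msg_id):
        # Same check for messages: only the recipient may delete (or mark read).
        msg = self.messages.get(msg_id)
        if msg is None or msg.recipient != caller:
            raise Forbidden(f"{caller} may not delete message {msg_id}")
        del self.messages[msg_id]

def build_scenario():
    # Constructed data following the advisory: pan1 (ID from the report) and
    # pan2 (hypothetical ID) are both shared with the "demo" user.
    return ShareService(
        [Panel("440efa7f-efd8-11ed-bec7-1144724bc08c", "user1", {"demo"}),
         Panel("PAN2-ID-HYPOTHETICAL", "user2", {"demo"})],
        [Message(1, "user1"), Message(2, "user2")],
    )
```

In the hardened path, user1 calling remove_panel_shares with pan2's ID raises Forbidden and pan2's shares are left intact; the same pattern protects the message endpoints against ID enumeration.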
Affected versions: <= 1.18.6
Patches
The vulnerability has been fixed in v1.18.7.
Workarounds
It is recommended to upgrade the version to v1.18.7.
References
If you have any questions or comments about this advisory:
Open an issue in https://github.com/dataease/dataease
Email us at [email protected]
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03aHY2LWd2MzgtNzh3as4AAzl_
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 11 months ago
Updated: 6 months ago
CVSS Score: 8.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Identifiers: GHSA-7hv6-gv38-78wj, CVE-2023-32310
References:
- https://github.com/dataease/dataease/security/advisories/GHSA-7hv6-gv38-78wj
- https://nvd.nist.gov/vuln/detail/CVE-2023-32310
- https://github.com/dataease/dataease/pull/5342
- https://github.com/dataease/dataease/commit/72f428e87b5395c03d2f94ef6185fc247ddbc8dc
- https://github.com/dataease/dataease/releases/tag/v1.18.7
- https://github.com/advisories/GHSA-7hv6-gv38-78wj
Blast Radius: 2.4
Affected Packages
maven:io.dataease:dataease-plugin-common
Dependent packages: 4
Dependent repositories: 2
Downloads:
Affected Version Ranges: <= 1.18.6
Fixed in: 1.18.7
All affected versions: 1.8.0, 1.9.0, 1.10.0, 1.11.0, 1.11.1, 1.11.3, 1.12.0, 1.13.0, 1.14.0, 1.15.0, 1.16.0, 1.17.0, 1.18.0, 1.18.1, 1.18.2, 1.18.3, 1.18.4, 1.18.5, 1.18.6
All unaffected versions: 1.18.7, 1.18.8, 1.18.9, 1.18.10, 1.18.11, 1.18.12, 1.18.13, 1.18.14, 1.18.15, 1.18.16