CVE-2024-30269

DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. Visiting the `/de2api/engine/getEngine;.js` path via a browser reveals that the platform's database configuration is returned. The vulnerability has been fixed in v2.5.0. No known workarounds are available aside from upgrading.
Configurations

No configuration.

History

No history.

Information

Published : 2024-04-08 15:15

Updated : 2024-04-08 18:48


NVD link : CVE-2024-30269

Mitre link : CVE-2024-30269

CVE.ORG link : CVE-2024-30269


JSON object : View

Products Affected

No product.

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor