CVE-2023-40183 - OpenCVE

DataEase is an open source data visualization and analysis tool. Prior to version 1.18.11, DataEase has a vulnerability that allows an attacker to to obtain user cookies. The program only uses the `ImageIO.read()` method to determine whether the file is an image file or not. There is no whitelisting restriction on file suffixes. This allows the attacker to synthesize the attack code into an image for uploading and change the file extension to html. The attacker may steal user cookies by accessing links. The vulnerability has been fixed in v1.18.11. There are no known workarounds.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dataease	Dataease

Configuration 1 [-]

cpe:2.3:a:dataease:dataease:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/dataease/dataease/commit/826513053146721a2b3e09a9c9d3ea41f8f10569
https://github.com/dataease/dataease/releases/tag/v1.18.11
https://github.com/dataease/dataease/security/advisories/GHSA-w2r4-2r4w-fjxv

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-09-21T14:21:49.833Z

Updated: 2024-08-02T18:24:55.642Z

Reserved: 2023-08-09T15:26:41.053Z

Link: CVE-2023-40183

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-09-21T15:15:10.197

Modified: 2023-09-26T14:59:41.697

Link: CVE-2023-40183

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-40183", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-08-09T15:26:41.053Z", "datePublished": "2023-09-21T14:21:49.833Z", "dateUpdated": "2024-08-02T18:24:55.642Z"}, "containers": {"cna": {"title": "DataEase has a vulnerability to obtain user cookies", "problemTypes": [{"descriptions": [{"cweId": "CWE-434", "lang": "en", "description": "CWE-434: Unrestricted Upload of File with Dangerous Type", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/dataease/dataease/security/advisories/GHSA-w2r4-2r4w-fjxv", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/dataease/dataease/security/advisories/GHSA-w2r4-2r4w-fjxv"}, {"name": "https://github.com/dataease/dataease/commit/826513053146721a2b3e09a9c9d3ea41f8f10569", "tags": ["x_refsource_MISC"], "url": "https://github.com/dataease/dataease/commit/826513053146721a2b3e09a9c9d3ea41f8f10569"}, {"name": "https://github.com/dataease/dataease/releases/tag/v1.18.11", "tags": ["x_refsource_MISC"], "url": "https://github.com/dataease/dataease/releases/tag/v1.18.11"}], "affected": [{"vendor": "dataease", "product": "dataease", "versions": [{"version": "< 1.18.11", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-09-21T14:21:49.833Z"}, "descriptions": [{"lang": "en", "value": "DataEase is an open source data visualization and analysis tool. Prior to version 1.18.11, DataEase has a vulnerability that allows an attacker to to obtain user cookies. The program only uses the `ImageIO.read()` method to determine whether the file is an image file or not. There is no whitelisting restriction on file suffixes. This allows the attacker to synthesize the attack code into an image for uploading and change the file extension to html. The attacker may steal user cookies by accessing links. The vulnerability has been fixed in v1.18.11. There are no known workarounds."}], "source": {"advisory": "GHSA-w2r4-2r4w-fjxv", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:24:55.642Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/dataease/dataease/security/advisories/GHSA-w2r4-2r4w-fjxv", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/dataease/dataease/security/advisories/GHSA-w2r4-2r4w-fjxv"}, {"name": "https://github.com/dataease/dataease/commit/826513053146721a2b3e09a9c9d3ea41f8f10569", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/dataease/dataease/commit/826513053146721a2b3e09a9c9d3ea41f8f10569"}, {"name": "https://github.com/dataease/dataease/releases/tag/v1.18.11", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/dataease/dataease/releases/tag/v1.18.11"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dataease:dataease:*:*:*:*:*:*:*:*", "matchCriteriaId": "663C4AF0-7E54-43AE-9B19-031662BCEA62", "versionEndExcluding": "1.18.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "DataEase is an open source data visualization and analysis tool. Prior to version 1.18.11, DataEase has a vulnerability that allows an attacker to to obtain user cookies. The program only uses the `ImageIO.read()` method to determine whether the file is an image file or not. There is no whitelisting restriction on file suffixes. This allows the attacker to synthesize the attack code into an image for uploading and change the file extension to html. The attacker may steal user cookies by accessing links. The vulnerability has been fixed in v1.18.11. There are no known workarounds."}, {"lang": "es", "value": "DataEase es una herramienta de an\u00e1lisis y visualizaci\u00f3n de datos de c\u00f3digo abierto. Antes de la versi\u00f3n 1.18.11, DataEase ten\u00eda una vulnerabilidad que permit\u00eda a un atacante obtener cookies de usuario. El programa s\u00f3lo utiliza el m\u00e9todo `ImageIO.read()` para determinar si el archivo es un archivo de imagen o no. No existe ninguna restricci\u00f3n de inclusi\u00f3n en la lista blanca de sufijos de archivos. Esto permite al atacante sintetizar el c\u00f3digo de ataque en una imagen para cargarla y cambiar la extensi\u00f3n del archivo a html. El atacante puede robar las cookies del usuario accediendo a enlaces. La vulnerabilidad se ha solucionado en v1.18.11. No se conocen workarounds."}], "id": "CVE-2023-40183", "lastModified": "2023-09-26T14:59:41.697", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-09-21T15:15:10.197", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/dataease/dataease/commit/826513053146721a2b3e09a9c9d3ea41f8f10569"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/dataease/dataease/releases/tag/v1.18.11"}, {"source": "security-advisories@github.com", "tags": ["Exploit"], "url": "https://github.com/dataease/dataease/security/advisories/GHSA-w2r4-2r4w-fjxv"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "security-advisories@github.com", "type": "Primary"}]}