Impact
The vulnerability originates from a hardcoded JWT signing secret in DataEase’s ShareLink module. Attackers who can obtain a passwordless share for a resource or user can exploit the known key link-pwd-fit2cloud, forge linkToken JWTs, bypass TokenFilter verification, and access backend resources as the share creator even after the share has been revoked. This allows unauthorized access to protected data and services.
Affected Systems
DataEase dataease, all versions prior to 2.10.24, are affected. The vulnerability exists within the ShareSecretManage component and the hardcoded default share link signature key.
Risk and Exploitability
The CVSS score of 8.3 indicates high severity. EPSS is not available, so exploitation likelihood is uncertain, but the lack of KEV listing does not reduce the potential impact. The attack vector requires access to a valid passwordless share, after which the attacker can easily construct a valid JWT using the hardcoded key. This can be performed without privileged access or code execution, making the flaw highly exploitable for users who share links or expose ShareLink URLs.
OpenCVE Enrichment