Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network endpoint reachable with low complexity; PR:L because a valid share-link token is required; confidentiality-only data exposure with no integrity or availability impact and no scope change.
Primary rating from Vendor (GitHub_M).
CVSS VectorVendor: GitHub_M
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, a share mode chart data interface only validates that sceneId matches the resourceId in the link token and fails to validate whether tableId and field IDs in the request body belong to the shared resource, allowing an attacker with a valid share link token to replace dataset identifiers and retrieve unauthorized data through POST /de2api/chartData/getData. This issue is fixed in version 2.10.24.
AnalysisAI
Insecure Direct Object Reference in DataEase before 2.10.24 lets a holder of any valid share-link token retrieve arbitrary datasets by tampering with the request body. The share-mode chart endpoint POST /de2api/chartData/getData validates only that sceneId matches the resourceId bound to the link token, but never checks that the supplied tableId and field IDs belong to the shared resource, so an attacker can swap in identifiers for datasets they were never granted. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires possession of a valid DataEase share-link token (PR:L) - i.e., the target instance must have the share feature enabled and a link issued to the attacker or otherwise obtained by them; a fully unauthenticated outsider with no token cannot exploit it. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The vendor CVSS 4.0 score is 7.1 (High) with vector AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N - network reachable, low complexity, no attack requirements, but requiring low privileges (PR:L) in the form of a valid share-link token, and impacting confidentiality only (VC:H, no integrity or availability effect). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An organization shares a single DataEase chart with an external partner via a share link. The partner (or anyone who obtains that link token) sends POST /de2api/chartData/getData with the valid sceneId but substitutes the tableId and field IDs of a sensitive internal dataset such as HR or financial data. … |
| Remediation | Vendor-released patch: upgrade DataEase to version 2.10.24 or later, which adds validation that the tableId and field IDs in the getData request belong to the shared resource (fix commit c4e85a981e53c95b1ea73757db31e3025efdc410, release https://github.com/dataease/dataease/releases/tag/v2.10.24, advisory https://github.com/dataease/dataease/security/advisories/GHSA-qcf4-345v-6vg9). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Audit all active DataEase share-link tokens and immediately revoke any shared with external or untrusted recipients; document current internal share-link users and their permitted datasets. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, a threat actor m
Auth bypass in DataEase via CVE-2025-49001 patch evasion. PoC available.
Auth bypass in DataEase BI tool before 2.10.10.
A remote code execution vulnerability in DataEase (CVSS 9.8). Risk factors: public PoC available.
A remote code execution vulnerability in DataEase (CVSS 9.8). Risk factors: public PoC available.
A remote code execution vulnerability in DataEase (CVSS 9.8). Risk factors: public PoC available.
DataEase data visualization tool prior to 2.10.19 uses MD5-hashed passwords without salting, allowing attackers to crack
DataEase is an open source data visualization analysis tool. Rated critical severity (CVSS 9.8), this vulnerability is r
DataEase is an open source data visualization analysis tool. Rated critical severity (CVSS 9.8), this vulnerability is r
DataEase is an open source data visualization and analysis tool. Rated critical severity (CVSS 9.8), this vulnerability
Dataease is an open source data visualization and analysis tool. Rated critical severity (CVSS 9.8), this vulnerability
Dataease is an open source data visualization analysis tool. Rated critical severity (CVSS 9.8), this vulnerability is r
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42100