CVE-2022-34112

Dataease before 1.11.2 access control issue allows attackers to arbitrarily uninstall plugin in maven/io.dataease/dataease-plugin-common

Identifiers

GHSA-c2pj-rr68-pw94, CVE-2022-34112

Package Slug

maven/io.dataease/dataease-plugin-common

Vulnerability

Dataease before 1.11.2 access control issue allows attackers to arbitrarily uninstall plugin

Description

An access control issue in the component /api/plugin/uninstall Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator.

Affected Versions

All versions up to 1.11.1

Solution

Upgrade to version 1.11.2 or above.

Last Modified

2022-07-29

source