CVE-2022-23331

In DataEase v1.6.1, an authenticated user can gain unauthorized access to all user information and can change the administrator password.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
VendorProductVersion
dataeasedataease
1.6.1
𝑥
= Vulnerable software versions
References
https://github.com/dataease/dataease/issues/1618
https://github.com/dataease/dataease/issues/1618