CVE-2024-47073 – This vulnerability allows attackers to forge JW... (How to Fix)

Q: What is the severity of CVE-2024-47073?

CVE-2024-47073 has a CVSS score of 9.1 (CRITICAL). This vulnerability allows attackers to forge JWT tokens due to missing signature verification in DataEase. Attackers can gain unauthorized access to any interface in affected versions. All DataEase users running vulnerable versions are affected.

📋 TL;DR

This vulnerability allows attackers to forge JWT tokens due to missing signature verification in DataEase. Attackers can gain unauthorized access to any interface in affected versions. All DataEase users running vulnerable versions are affected.

💻 Affected Systems

Products:

DataEase

Versions: All versions before v2.10.2

Operating Systems: All platforms running DataEase

Default Config Vulnerable: ⚠️ Yes

Notes: All deployments are vulnerable regardless of configuration. The vulnerability exists in the JWT token validation mechanism.

📦 What is this software?

Dataease by Dataease

View all CVEs affecting Dataease →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise where attackers gain administrative access to all data visualization functions, potentially accessing sensitive business data and modifying dashboards/reports.

🟠

Likely Case

Unauthorized access to business intelligence data, dashboard manipulation, and potential data exfiltration from compromised accounts.

🟢

If Mitigated

Limited impact if proper network segmentation and access controls prevent external access, but internal threats remain.

🌐 Internet-Facing: HIGH - Any internet-facing DataEase instance is immediately vulnerable to authentication bypass.

🏢 Internal Only: HIGH - Internal attackers or compromised accounts can exploit this to escalate privileges.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires initial access to create forged tokens, but the technical complexity is low once an attacker understands the JWT structure.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v2.10.2

Vendor Advisory: https://github.com/dataease/dataease/security/advisories/GHSA-5jr4-wrm2-xj36

Restart Required: Yes

Instructions:

1. Backup your DataEase configuration and data. 2. Stop the DataEase service. 3. Upgrade to v2.10.2 using your package manager or manual installation. 4. Restart the DataEase service. 5. Verify the upgrade was successful.

🧯 If You Can't Patch

Isolate DataEase instances behind strict network access controls, allowing only trusted IP addresses.
Implement additional authentication layer (like reverse proxy with authentication) in front of DataEase.

🔍 How to Verify

Check if Vulnerable:

Check DataEase version via web interface admin panel or by examining the application files/version metadata.

Check Version:

Check web interface at /#/system/about or examine deployment files for version information.

Verify Fix Applied:

Verify version is v2.10.2 or later and test JWT token validation by attempting to use a modified token (in a controlled test environment).

📡 Detection & Monitoring

Log Indicators:

Unusual authentication patterns
Access from unexpected user accounts
Failed JWT validation attempts before patch

Network Indicators:

Unusual API calls from unexpected sources
Authentication bypass attempts

SIEM Query:

source="dataease" AND (event_type="authentication_failure" OR user="unknown" OR action="unauthorized_access")

📊 Metadata

CVE ID: CVE-2024-47073

CVSS v3 Score: 9.1 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE: CWE-347

Published: November 7, 2024

Last Updated: February 20, 2025

🔗 References

https://github.com/dataease/dataease/security/advisories/GHSA-5jr4-wrm2-xj36 Exploit,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-47073, you might also want to check these: