Headline
GHSA-c2pj-rr68-pw94: Dataease before 1.11.2 access control issue allows attackers to arbitrarily uninstall plugin
An access control issue in the component /api/plugin/uninstall Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator. Version 1.11.2 contains a patch for this issue.
Dataease before 1.11.2 access control issue allows attackers to arbitrarily uninstall plugin
High severity GitHub Reviewed Published Jul 23, 2022 • Updated Jul 27, 2022
Related news
CVE-2022-34112: [Bug]普通权限越权卸载插件 · Issue #2429 · dataease/dataease
An access control issue in the component /api/plugin/uninstall Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator.