DataEase Authentication Vulnerability in TokenFilter Class Leading to Unauthorized Access

Vulnerability

An authentication vulnerability has been identified in DataEase versions prior to 2.10.6, specifically within the io.dataease.auth.filter.TokenFilter class. The filter improperly validates request URLs against a whitelist, which allows authentication requirements to be bypassed and creates a risk of unauthorized access. The issue arises when server.servlet.context-path is customized: a manipulated request URL can then evade token verification.

Impact

Exploitation of this vulnerability allows unauthorized access to protected resources or endpoints, bypassing authentication mechanisms.

Reproduction

To reproduce this vulnerability, deploy DataEase with a custom context path, such as '/demo'. After starting the application, access a protected endpoint, like '/de2api/user/info', without a valid token. The server will respond with an error, indicating that token verification was not performed. However, if the request is made to '/geo/../demo/de2api/user/info', the application will process the request and return the expected data, demonstrating the authentication bypass.
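
The class of flaw described above, as an added Java example (not DataEase's code and not the actual TokenFilter implementation): a whitelist check on the raw request URI next to one that resolves the path first. The class and method names, the '/geo/' whitelist entry and the sample URIs are assumptions for illustration.

```java
import java.net.URI;
import java.util.List;

public class WhitelistCheckDemo {
    // Assumed values: the context path from the reproduction above and a
    // hypothetical whitelist holding one unauthenticated prefix.
    static final String CONTEXT_PATH = "/demo";
    static final List<String> WHITELIST = List.of("/geo/");

    // Weak pattern (hypothetical model): strip the context path if the raw URI
    // starts with it, then prefix-match. Dot segments are never resolved, so the
    // path checked here can differ from the one the container routes.
    static boolean skipsAuthNaive(String rawUri) {
        String p = rawUri.startsWith(CONTEXT_PATH)
                ? rawUri.substring(CONTEXT_PATH.length()) : rawUri;
        return WHITELIST.stream().anyMatch(p::startsWith);
    }

    // Hardened pattern: refuse ambiguous encodings, resolve dot segments,
    // require the context path, then match the application-relative path.
    static boolean skipsAuthHardened(String rawUri) {
        String lower = rawUri.toLowerCase();
        if (lower.contains("%2e") || lower.contains("%2f") || lower.contains("%5c")
                || rawUri.contains("\\") || rawUri.contains(";")) {
            return false; // never whitelist an ambiguous path; a token is required
        }
        String path;
        try {
            path = URI.create(rawUri).normalize().getPath();
        } catch (IllegalArgumentException e) {
            return false;
        }
        if (path == null || !path.startsWith(CONTEXT_PATH + "/")) {
            return false;
        }
        String appPath = path.substring(CONTEXT_PATH.length());
        return WHITELIST.stream().anyMatch(appPath::startsWith);
    }

    public static void main(String[] args) {
        // Constructed sample URIs; the second is the path from the reproduction.
        for (String uri : List.of("/demo/geo/map.json",
                "/geo/../demo/de2api/user/info", "/demo/de2api/user/info")) {
            System.out.printf("%-32s naive=%-5b hardened=%b%n",
                    uri, skipsAuthNaive(uri), skipsAuthHardened(uri));
        }
    }
}
```

The two checks disagree only on the reproduction path: the naive check treats it as whitelisted, while the hardened check resolves it to the protected endpoint and requires a token.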

Remediation

Users are advised to upgrade to DataEase version 2.10.6, where this vulnerability has been fixed.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 5.6
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.