DataEase Arbitrary File Read Vulnerability via JDBC Connection

A high-severity vulnerability in DataEase, an open-source business intelligence and data visualization tool, allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. This issue affects versions prior to 2.10.6 and is a result of improper validation of MySQL JDBC connection parameters, which can be exploited to bypass security checks and inject malicious JDBC strings.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive files on the server, potentially including application data or configuration files.

Reproduction

To reproduce this vulnerability, an authenticated user can send a request to the DataEase API datasource validation endpoint. The request must include a JDBC connection string that exploits the vulnerability by bypassing the application's parameter validation. Once the malicious JDBC string is processed, the user can read arbitrary files through the JDBC connection.

Remediation

Users are advised to upgrade DataEase to version 2.10.10 or later, where this vulnerability has been fixed.