Datart Information Exposure Vulnerability via Custom H2 JDBC Connection String
Vulnerability
Datart version 1.0.0-rc.3 contains an information exposure vulnerability. An authenticated attacker can access sensitive data by supplying a custom H2 JDBC connection string that points to the application's internal database file. The attacker can then query system tables that contain user credentials and configuration details.
Impact
Exploitation of this vulnerability could lead to unauthorized access to sensitive information, including user credentials and database configuration details. Additionally, according to the CVE repository, this vulnerability could be exploited to impersonate users, including administrators, by forging valid JWT tokens using the retrieved password hashes.
Reproduction
To reproduce this vulnerability, log into Datart v1.0.0-rc.3 and navigate to the 'Data Source' section. Create a new data source and select 'H2' as the type. Enter a JDBC URL that points to the local internal database file, then test the connection and save the data source. Once the data source is created, use the SQL editor or create a chart to execute queries against the internal database.
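One way to reject or audit the kind of data source URL described above, as an added example that is not Datart's own code or its fix. It assumes a policy that user-defined H2 data sources may only use H2 server mode (`tcp:` or `ssl:`); the record layout (`name`, `url`), hostnames and paths are constructed placeholders.

```python
from dataclasses import dataclass

H2_PREFIX = "jdbc:h2:"
# H2 server modes. Every other form (file:, mem:, zip:, ~/x, ./x, bare names)
# opens a database inside the application's own process and filesystem.
REMOTE_SCHEMES = ("tcp:", "ssl:")


@dataclass(frozen=True)
class Verdict:
    allowed: bool
    mode: str    # "not-h2", "remote" or "embedded"
    target: str  # host/path part with any ;KEY=VALUE settings stripped


def classify_jdbc_url(url: str) -> Verdict:
    """Classify a user-supplied JDBC URL under the assumed policy."""
    cleaned = url.strip()
    if not cleaned.lower().startswith(H2_PREFIX):
        # Other drivers are outside the scope of this check.
        return Verdict(True, "not-h2", cleaned)
    rest = cleaned[len(H2_PREFIX):]
    target = rest.split(";", 1)[0]  # settings follow the first ';'
    if target.lower().startswith(REMOTE_SCHEMES):
        return Verdict(True, "remote", target)
    return Verdict(False, "embedded", target)


def audit_sources(sources):
    """Return (name, target) for every stored data source to reject or review."""
    findings = []
    for src in sources:
        verdict = classify_jdbc_url(src.get("url", ""))
        if not verdict.allowed:
            findings.append((src["name"], verdict.target))
    return findings


# Constructed sample records (hypothetical layout, placeholder paths).
SAMPLE_SOURCES = [
    {"name": "warehouse", "url": "jdbc:h2:tcp://db.example.internal:9092/reports"},
    {"name": "orders", "url": "jdbc:mysql://db.example.internal:3306/orders"},
    {"name": "probe-1", "url": "jdbc:h2:file:/placeholder/path/to/internal-db;MODE=MySQL"},
    {"name": "probe-2", "url": " JDBC:H2:./placeholder-db "},
    {"name": "probe-3", "url": "jdbc:h2:mem:scratch"},
]

if __name__ == "__main__":
    for name, target in audit_sources(SAMPLE_SOURCES):
        print(f"reject data source {name!r}: embedded H2 target {target!r}")
```

The same classification can run at save time and at connection-test time, and the returned target can be compared against the location of the application's own database file when reviewing existing data sources.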
