Description
An access control issue in the component /api/plugin/uninstall Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator.
Remediation
References
https://github.com/dataease/dataease/issues/2429
Related Vulnerabilities
CVE-2020-9480 Vulnerability in maven package org.apache.spark:spark-network-shuffle_2.11
CVE-2022-3952 Vulnerability in maven package com.manydesigns:portofino-microservice-launcher
CVE-2018-16490 Vulnerability in npm package mpath
CVE-2023-46659 Vulnerability in maven package org.jenkins-ci.plugins:trac