CVE-2023-51717
- EPSS 0.07%
- Published 09.01.2024 02:15:45
- Last modified 16.06.2025 19:15:26
Dataiku DSS before 11.4.5 and 12.4.1 has Incorrect Access Control that could lead to a full authentication bypass.
CVE-2023-24045
- EPSS 0.34%
- Published 01.03.2023 01:15:10
- Last modified 10.03.2025 19:15:37
In Dataiku DSS 11.2.1, an attacker can download other Dataiku files that were uploaded to the myfiles section by specifying the target username in a download request.
CVE-2021-27225
- EPSS 0.09%
- Published 01.03.2021 01:15:12
- Last modified 21.11.2024 05:57:38
In Dataiku DSS before 8.0.6, insufficient access control in the Jupyter notebooks integration allows users (who have coding permissions) to read and overwrite notebooks in projects that they are not authorized to access.
CVE-2020-8817
- EPSS 0.32%
- Published 14.09.2020 14:15:11
- Last modified 21.11.2024 05:39:29
Dataiku DSS before 6.0.5 allows attackers write access to the project to modify the "Created by" metadata.
CVE-2018-10732
- EPSS 0.5%
- Published 28.05.2018 17:29:00
- Last modified 21.11.2024 03:41:56
The REST API in Dataiku DSS before 4.2.3 allows remote attackers to obtain sensitive information (i.e., determine if a username is valid) because of profile pictures visibility.