Lucene search
K

39 matches found

Cvelist
Cvelist
added 2023/03/01 12:0 a.m.30 views

CVE-2023-24045

In Dataiku DSS 11.2.1, an attacker can download other Dataiku files that were uploaded to the myfiles section by specifying the target username in a download request...

6.6AI score0.00752EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/03/01 12:0 a.m.7 views

CVE-2023-24045

In Dataiku DSS 11.2.1, an attacker can download other Dataiku files that were uploaded to the myfiles section by specifying the target username in a download request...

6.6AI score0.00752EPSS
Exploits1References2
CVE
CVE
added 2023/03/01 12:0 a.m.48 views

CVE-2023-24045

In Dataiku DSS 11.2.1, an attacker can download other users’ files uploaded to the myfiles area by specifying the target username in a download request. This originates from a path/input validation flaw that allows unauthorized access to files. Exploitation details are not provided beyond the des...

6.5CVSS6.4AI score0.00752EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2021/03/01 1:15 a.m.3 views

CVE-2021-27225

In Dataiku DSS before 8.0.6, insufficient access control in the Jupyter notebooks integration allows users who have coding permissions to read and overwrite notebooks in projects that they are not authorized to access...

5.4CVSS6.1AI score0.00515EPSS
Exploits0References2
NVD
NVD
added 2021/03/01 1:15 a.m.19 views

CVE-2021-27225

In Dataiku DSS before 8.0.6, insufficient access control in the Jupyter notebooks integration allows users who have coding permissions to read and overwrite notebooks in projects that they are not authorized to access...

5.5CVSS0.00515EPSS
Exploits0References2
Prion
Prion
added 2021/03/01 1:15 a.m.20 views

Improper access control

In Dataiku DSS before 8.0.6, insufficient access control in the Jupyter notebooks integration allows users who have coding permissions to read and overwrite notebooks in projects that they are not authorized to access...

5.5CVSS5.4AI score0.00515EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/03/01 12:24 a.m.24 views

CVE-2021-27225

In Dataiku DSS before 8.0.6, insufficient access control in the Jupyter notebooks integration allows users who have coding permissions to read and overwrite notebooks in projects that they are not authorized to access...

5.4CVSS5.7AI score0.00515EPSS
Exploits0References2
CVE
CVE
added 2021/03/01 12:24 a.m.86 views

CVE-2021-27225

CVE-2021-27225 affects Dataiku DSS prior to 8.0.6. The issue is insufficient access control in the Jupyter notebooks integration, allowing users with coding permissions to read and overwrite notebooks in projects they are not authorized to access. This is documented across multiple sources (NVD/R...

5.5CVSS5.4AI score0.00515EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2021/03/01 12:0 a.m.3 views

Dataiku Jupyter 访问控制错误漏洞

Dataiku Jupyter is a Dataiku open source application . It provides an online editable text Dataiku DSS before 8.0.6 An Access Control Error vulnerability exists that stems from insufficient access control in the jupiter notebooks integration, which allows a user to read and overwrite notebooks in...

5.5CVSS5.8AI score0.00515EPSS
Exploits0References2
NVD
NVD
added 2020/09/14 2:15 p.m.23 views

CVE-2020-8817

Dataiku DSS before 6.0.5 allows attackers write access to the project to modify the "Created by" metadata...

8.1CVSS0.00885EPSS
Exploits0References2
OSV
OSV
added 2020/09/14 2:15 p.m.5 views

CVE-2020-8817

Dataiku DSS before 6.0.5 allows attackers write access to the project to modify the "Created by" metadata...

8.1CVSS5.8AI score0.00885EPSS
Exploits0References2
Prion
Prion
added 2020/09/14 2:15 p.m.18 views

Design/Logic Flaw

Dataiku DSS before 6.0.5 allows attackers write access to the project to modify the "Created by" metadata...

5.5CVSS8AI score0.00885EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/09/14 1:47 p.m.41 views

CVE-2020-8817

CVE-2020-8817 affects Dataiku DSS prior to 6.0.5. The issue lets an attacker with access to a project modify the project’s Created by metadata (write access to the project). CVSS vectors indicate high impact for confidentiality and integrity (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N; base 8.1). No exp...

8.1CVSS8AI score0.00885EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/09/14 1:47 p.m.21 views

CVE-2020-8817

Dataiku DSS before 6.0.5 allows attackers write access to the project to modify the "Created by" metadata...

8.1AI score0.00885EPSS
Exploits0References2
CNVD
CNVD
added 2018/05/29 12:0 a.m.3 views

Dataiku DSS Information Disclosure Vulnerability

Dataiku DSS is a data processing collaboration platform. the REST API is one of the APIs that supports lightweight REST style web scripts. A security vulnerability exists in the REST API in Dataiku DSS versions prior to 4.2.3. A remote attacker could exploit the vulnerability to obtain sensitive...

5.3CVSS6.5AI score0.01613EPSS
Exploits0References1
OSV
OSV
added 2018/05/28 5:29 p.m.5 views

CVE-2018-10732

The REST API in Dataiku DSS before 4.2.3 allows remote attackers to obtain sensitive information i.e., determine if a username is valid because of profile pictures visibility...

5.3CVSS5.8AI score0.01613EPSS
Exploits0References2
Prion
Prion
added 2018/05/28 5:29 p.m.19 views

Cross site request forgery (csrf)

The REST API in Dataiku DSS before 4.2.3 allows remote attackers to obtain sensitive information i.e., determine if a username is valid because of profile pictures visibility...

5CVSS5.1AI score0.01613EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2018/05/28 5:29 p.m.20 views

CVE-2018-10732

The REST API in Dataiku DSS before 4.2.3 allows remote attackers to obtain sensitive information i.e., determine if a username is valid because of profile pictures visibility...

5.3CVSS5.1AI score0.01613EPSS
Exploits0References2
CVE
CVE
added 2018/05/28 5:0 p.m.41 views

CVE-2018-10732

Dataiku DSS REST API (affected product: Dataiku DSS) prior to version 4.2.3 is affected. The vulnerability arises from profile pictures visibility in the REST API, enabling remote attackers to determine whether a username is valid (information disclosure). The root cause is insufficient access co...

5.3CVSS5.1AI score0.01613EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder