39 matches found
CVE-2023-24045
In Dataiku DSS 11.2.1, an attacker can download other Dataiku files that were uploaded to the myfiles section by specifying the target username in a download request...
CVE-2023-24045
In Dataiku DSS 11.2.1, an attacker can download other Dataiku files that were uploaded to the myfiles section by specifying the target username in a download request...
CVE-2023-24045
In Dataiku DSS 11.2.1, an attacker can download other users’ files uploaded to the myfiles area by specifying the target username in a download request. This originates from a path/input validation flaw that allows unauthorized access to files. Exploitation details are not provided beyond the des...
CVE-2021-27225
In Dataiku DSS before 8.0.6, insufficient access control in the Jupyter notebooks integration allows users who have coding permissions to read and overwrite notebooks in projects that they are not authorized to access...
CVE-2021-27225
In Dataiku DSS before 8.0.6, insufficient access control in the Jupyter notebooks integration allows users who have coding permissions to read and overwrite notebooks in projects that they are not authorized to access...
Improper access control
In Dataiku DSS before 8.0.6, insufficient access control in the Jupyter notebooks integration allows users who have coding permissions to read and overwrite notebooks in projects that they are not authorized to access...
CVE-2021-27225
In Dataiku DSS before 8.0.6, insufficient access control in the Jupyter notebooks integration allows users who have coding permissions to read and overwrite notebooks in projects that they are not authorized to access...
CVE-2021-27225
CVE-2021-27225 affects Dataiku DSS prior to 8.0.6. The issue is insufficient access control in the Jupyter notebooks integration, allowing users with coding permissions to read and overwrite notebooks in projects they are not authorized to access. This is documented across multiple sources (NVD/R...
Dataiku Jupyter 访问控制错误漏洞
Dataiku Jupyter is a Dataiku open source application . It provides an online editable text Dataiku DSS before 8.0.6 An Access Control Error vulnerability exists that stems from insufficient access control in the jupiter notebooks integration, which allows a user to read and overwrite notebooks in...
CVE-2020-8817
Dataiku DSS before 6.0.5 allows attackers write access to the project to modify the "Created by" metadata...
CVE-2020-8817
Dataiku DSS before 6.0.5 allows attackers write access to the project to modify the "Created by" metadata...
Design/Logic Flaw
Dataiku DSS before 6.0.5 allows attackers write access to the project to modify the "Created by" metadata...
CVE-2020-8817
CVE-2020-8817 affects Dataiku DSS prior to 6.0.5. The issue lets an attacker with access to a project modify the project’s Created by metadata (write access to the project). CVSS vectors indicate high impact for confidentiality and integrity (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N; base 8.1). No exp...
CVE-2020-8817
Dataiku DSS before 6.0.5 allows attackers write access to the project to modify the "Created by" metadata...
Dataiku DSS Information Disclosure Vulnerability
Dataiku DSS is a data processing collaboration platform. the REST API is one of the APIs that supports lightweight REST style web scripts. A security vulnerability exists in the REST API in Dataiku DSS versions prior to 4.2.3. A remote attacker could exploit the vulnerability to obtain sensitive...
CVE-2018-10732
The REST API in Dataiku DSS before 4.2.3 allows remote attackers to obtain sensitive information i.e., determine if a username is valid because of profile pictures visibility...
Cross site request forgery (csrf)
The REST API in Dataiku DSS before 4.2.3 allows remote attackers to obtain sensitive information i.e., determine if a username is valid because of profile pictures visibility...
CVE-2018-10732
The REST API in Dataiku DSS before 4.2.3 allows remote attackers to obtain sensitive information i.e., determine if a username is valid because of profile pictures visibility...
CVE-2018-10732
Dataiku DSS REST API (affected product: Dataiku DSS) prior to version 4.2.3 is affected. The vulnerability arises from profile pictures visibility in the REST API, enabling remote attackers to determine whether a username is valid (information disclosure). The root cause is insufficient access co...