5 matches found
CVE-2021-27225
CVE-2021-27225 affects Dataiku DSS prior to 8.0.6. The issue is insufficient access control in the Jupyter notebooks integration, allowing users with coding permissions to read and overwrite notebooks in projects they are not authorized to access. This is documented across multiple sources (NVD/R...
CVE-2023-51717
CVE-2023-51717 affects Dataiku DSS versions before 11.4.5 and before 12.4.1. It is an incorrect access control issue that could lead to a full authentication bypass. Root cause is improper access control allowing bypass of authentica...
CVE-2023-24045
In Dataiku DSS 11.2.1, an attacker can download other users’ files uploaded to the myfiles area by specifying the target username in a download request. This originates from a path/input validation flaw that allows unauthorized access to files. Exploitation details are not provided beyond the des...
CVE-2018-10732
The REST API of Dataiku DSS prior to version 4.2.3 is affected. The vulnerability arises from the visibility of profile pictures in the REST API, which enables remote attackers to determine whether a username is valid (information disclosure). The root cause is insufficient access co...
CVE-2020-8817
CVE-2020-8817 affects Dataiku DSS prior to 6.0.5. The issue lets an attacker with write access to a project modify the project’s "Created by" metadata. CVSS vectors indicate high impact for confidentiality and integrity (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N; base 8.1). No exp...