Dataiku Data_science_studio
5 CVEs affecting Dataiku Data_science_studio. Latest disclosed: 2024-01-09. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-51717 | Critical | 9.8 | 2024-01-09 | Dataiku DSS before 11.4.5 and 12.4.1 has Incorrect Access Control that could lead to a full authentication bypass. |
CVE-2020-8817 | High | 8.1 | 2020-09-14 | Dataiku DSS before 6.0.5 allows attackers write access to the project to modify the "Created by" metadata. |
CVE-2023-24045 | Medium | 6.5 | 2023-03-01 | In Dataiku DSS 11.2.1, an attacker can download other Dataiku files that were uploaded to the myfiles section by specifying the target username in a download r… |
CVE-2021-27225 | Medium | 5.4 | 2021-03-01 | In Dataiku DSS before 8.0.6, insufficient access control in the Jupyter notebooks integration allows users (who have coding permissions) to read and overwrite… |
CVE-2018-10732 | Medium | 5.3 | 2018-05-28 | The REST API in Dataiku DSS before 4.2.3 allows remote attackers to obtain sensitive information (i.e., determine if a username is valid) because of profile pi… |