Skip to main content

Data Science Studio

5 CVEs product

Monthly

CVE-2023-51717 CRITICAL Act Now

Dataiku DSS before 11.4.5 and 12.4.1 has Incorrect Access Control that could lead to a full authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Data Science Studio
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-24045 MEDIUM POC This Month

In Dataiku DSS 11.2.1, an attacker can download other Dataiku files that were uploaded to the myfiles section by specifying the target username in a download request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Data Science Studio
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-27225 MEDIUM This Month

In Dataiku DSS before 8.0.6, insufficient access control in the Jupyter notebooks integration allows users (who have coding permissions) to read and overwrite notebooks in projects that they are not. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Data Science Studio
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-8817 HIGH This Week

Dataiku DSS before 6.0.5 allows attackers write access to the project to modify the "Created by" metadata. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Data Science Studio
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2018-10732 MEDIUM This Month

The REST API in Dataiku DSS before 4.2.3 allows remote attackers to obtain sensitive information (i.e., determine if a username is valid) because of profile pictures visibility. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Data Science Studio
NVD GitHub
CVSS 3.0
5.3
EPSS
1.6%
EPSS 0% CVSS 9.8
CRITICAL Act Now

Dataiku DSS before 11.4.5 and 12.4.1 has Incorrect Access Control that could lead to a full authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Data Science Studio
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

In Dataiku DSS 11.2.1, an attacker can download other Dataiku files that were uploaded to the myfiles section by specifying the target username in a download request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Data Science Studio
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM This Month

In Dataiku DSS before 8.0.6, insufficient access control in the Jupyter notebooks integration allows users (who have coding permissions) to read and overwrite notebooks in projects that they are not. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Data Science Studio
NVD
EPSS 1% CVSS 8.1
HIGH This Week

Dataiku DSS before 6.0.5 allows attackers write access to the project to modify the "Created by" metadata. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Data Science Studio
NVD
EPSS 2% CVSS 5.3
MEDIUM This Month

The REST API in Dataiku DSS before 4.2.3 allows remote attackers to obtain sensitive information (i.e., determine if a username is valid) because of profile pictures visibility. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Data Science Studio
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy