Dataiku Data Science Studio — known CVE vulnerabilities
Every CVE whose affected-product data names Dataiku Data Science Studio, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2023-51717 — CVSS 9.8 (critical): Dataiku DSS before 11.4.5 and 12.4.1 has Incorrect Access Control that could lead to a full authentication bypass.
CVE-2020-8817 — CVSS 8.1 (high): Dataiku DSS before 6.0.5 allows attackers write access to the project to modify the "Created by" metadata.
CVE-2023-24045 — CVSS 6.5 (medium): In Dataiku DSS 11.2.1, an attacker can download other Dataiku files that were uploaded to the myfiles section by specifying the target…
CVE-2021-27225 — CVSS 5.4 (medium): In Dataiku DSS before 8.0.6, insufficient access control in the Jupyter notebooks integration allows users (who have coding permissions) to…
CVE-2018-10732 — CVSS 5.3 (medium): The REST API in Dataiku DSS before 4.2.3 allows remote attackers to obtain sensitive information (i.e., determine if a username is valid)…