Dataiku

dataiku

5 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Data Science Studio

data_science_studio

CVEs (5)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-51717 1Dataiku 1Data Science Studio Jun 16, 2025 Jan 9, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Dataiku DSS before 11.4.5 and 12.4.1 has Incorrect Access Control that could lead to a full authentication bypass.
CVE-2023-24045 1Dataiku 1Data Science Studio Mar 10, 2025 Mar 1, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 In Dataiku DSS 11.2.1, an attacker can download other Dataiku files that were uploaded to the myfiles section by specifying the target username in a download request.
CVE-2021-27225 1Dataiku 1Data Science Studio Nov 21, 2024 Mar 1, 2021 N/A· v4 5.4 MEDIUM· v3 5.5 MEDIUM· v2 In Dataiku DSS before 8.0.6, insufficient access control in the Jupyter notebooks integration allows users (who have coding permissions) to read and overwrite notebooks in projects that they are not authorized to access.
CVE-2020-8817 1Dataiku 1Data Science Studio Nov 21, 2024 Sep 14, 2020 N/A· v4 8.1 HIGH· v3 5.5 MEDIUM· v2 Dataiku DSS before 6.0.5 allows attackers write access to the project to modify the "Created by" metadata.
CVE-2018-10732 1Dataiku 1Data Science Studio Nov 21, 2024 May 28, 2018 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 The REST API in Dataiku DSS before 4.2.3 allows remote attackers to obtain sensitive information (i.e., determine if a username is valid) because of profile pictures visibility.