exploitDog

CVE-2021-27225

Опубликовано: 01 мар. 2021

Источник: nvd

CVSS3: 5.4

CVSS2: 5.5

EPSS Низкий

Описание

In Dataiku DSS before 8.0.6, insufficient access control in the Jupyter notebooks integration allows users (who have coding permissions) to read and overwrite notebooks in projects that they are not authorized to access.

Ссылки

https://doc.dataiku.com/dss/8.0/security/advisories/cve-2021-27225.html
Vendor Advisory
https://doc.dataiku.com/dss/latest/
Vendor Advisory
https://doc.dataiku.com/dss/8.0/security/advisories/cve-2021-27225.html
Vendor Advisory
https://doc.dataiku.com/dss/latest/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dataiku:data_science_studio:*:*:*:*:*:*:*:*

Версия до 8.0.6 (исключая)

EPSS

Процентиль: 33%

0.00132

Низкий

5.4 Medium

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-863

Связанные уязвимости

GHSA-mp33-8vpj-672c

github

больше 3 лет назад

In Dataiku DSS before 8.0.6, insufficient access control in the Jupyter notebooks integration allows users (who have coding permissions) to read and overwrite notebooks in projects that they are not authorized to access.

EPSS

Процентиль: 33%

0.00132

Низкий

5.4 Medium

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-863