Insufficient access control to project variables
Information
Advisory ID: DSA-2022-013
CVSS String: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS Base Score: 4.3 (Medium)
CWE classification: CWE-200
Summary
It was discovered that an endpoint for reading project variables did not properly check that the caller had access to the project. This could lead to disclosure of sensitive information stored in project variables.
Affected Products
Dataiku DSS 9 and older versions
Dataiku DSS 10 before 10.0.9
Dataiku DSS 11 before 11.0.3
Fix
Dataiku DSS 10.0.9 and Dataiku DSS 11.0.3 have been made available to customers to remediate this issue.
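The version ranges above can be checked against an instance inventory. The following is an added example, not Dataiku code: the function names and the sample inventory are constructed for illustration, and version strings are assumed to be plain dotted numbers.

```python
import re

# Fixed releases named in the advisory, keyed by major version.
FIXED = {10: (10, 0, 9), 11: (11, 0, 3)}


def parse_version(text):
    """Parse 'major[.minor[.patch]]' into a 3-tuple; missing parts count as 0."""
    m = re.fullmatch(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?\s*", text)
    if not m:
        # Refuse to guess on suffixes such as '-rc1': triage those by hand.
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part or 0) for part in m.groups())


def triage(version_text):
    """Return (affected, fixed_release) for DSA-2022-013.

    fixed_release is the fix named for that major line, or None when the
    advisory names no fix in that line.
    """
    version = parse_version(version_text)
    major = version[0]
    if major <= 9:
        return True, None      # "DSS 9 and older": affected, no fix in this line
    fixed = FIXED.get(major)
    if fixed is None:
        return False, None     # major lines the advisory does not list
    return version < fixed, ".".join(str(n) for n in fixed)


def report(inventory):
    """Map each instance name to a short triage verdict."""
    out = {}
    for name, version in inventory.items():
        affected, fixed = triage(version)
        if not affected:
            out[name] = "not affected"
        elif fixed:
            out[name] = f"affected, upgrade to {fixed} or later"
        else:
            out[name] = "affected, move to a fixed release (10.0.9 or 11.0.3)"
    return out


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical instance names).
    sample = {"dss-prod": "10.0.8", "dss-lab": "11.0.3", "dss-legacy": "9.0.7"}
    for name, verdict in report(sample).items():
        print(f"{name}: {verdict}")
```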