Takeover of Jupyter notebooks¶
Information¶
Advisory ID: DSA-2022-020
CVSS Base Score: 7.5
CVSS String: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: High
CWE classification: CWE-284
Summary¶
In Dataiku DSS before 11.1.0, insufficient acces control could allow an authenticated attacker to take control over another user’s Jupyter notebooks
Affected Products¶
Dataiku DSS before 11.1.0
Fix¶
Dataiku DSS 11.1.0 has been made available to customers to remediate this issue