Incorrect access control allows users to edit discussions


  • CVE Id: CVE-2020-25822

  • CVSS 3.0 Score: 4.3

  • Severity: Medium

  • CWE classification: CWE-273 - Incorrect Access Control

  • CVSS 3.0 string: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N


The discussions feature allows users to edit their own posts. Insufficient access control on the API endpoint used to edit posts allows any user who has permission to comment and to edit their own posts to modify posts written by other users.
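A minimal model of this flaw class, added here as an illustration and not taken from Dataiku DSS: the handler names, the permission set and the sample replies are all hypothetical. It contrasts an edit handler that checks only the discussion-write permission with one that also checks authorship, and includes a regression check suitable for a test suite.

```python
from dataclasses import dataclass

class Forbidden(Exception):
    """Raised when the caller may not perform the requested edit."""

@dataclass
class Reply:
    reply_id: int
    author: str
    text: str

# Constructed sample data (hypothetical): users allowed to post, and two replies.
CAN_WRITE_DISCUSSIONS = {"alice", "bob"}
REPLIES = {1: Reply(1, "alice", "original from alice"),
           2: Reply(2, "bob", "original from bob")}

def edit_reply_flawed(caller: str, reply_id: int, new_text: str) -> Reply:
    """Checks only the feature-level permission: the flaw class described above."""
    if caller not in CAN_WRITE_DISCUSSIONS:
        raise Forbidden("no permission to write discussions")
    reply = REPLIES[reply_id]
    reply.text = new_text  # no authorship check: any permitted user can edit any reply
    return reply

def edit_reply_checked(caller: str, reply_id: int, new_text: str) -> Reply:
    """Adds the object-level check: the caller must be the reply's author.

    `caller` must come from the authenticated session, never from the request body.
    """
    if caller not in CAN_WRITE_DISCUSSIONS:
        raise Forbidden("no permission to write discussions")
    reply = REPLIES.get(reply_id)
    # Same error for "missing" and "not yours" so reply ids cannot be probed.
    if reply is None or reply.author != caller:
        raise Forbidden("reply not found or not owned by caller")
    reply.text = new_text
    return reply

def is_denied(edit_fn, caller: str, reply_id: int) -> bool:
    """Regression check: True if edit_fn refuses the edit and the text is unchanged."""
    before = REPLIES[reply_id].text
    try:
        edit_fn(caller, reply_id, "changed by " + caller)
    except Forbidden:
        return REPLIES[reply_id].text == before
    REPLIES[reply_id].text = before  # restore the sample data after a successful edit
    return False
```
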

Affected Products

Dataiku DSS in versions before 8.0.2


This vulnerability was discovered by


Dataiku DSS 8.0.2 has been made available to customers to remediate this issue.