Stored XSS in dataset settings

Information

  • Advisory ID: DSA-2022-008

  • CVSS String: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

  • CVSS Base Score: 8.8 (High)

  • CWE classification: CWE-79

Summary

Insufficient input sanitization could lead to stored XSS in the “Preview” table of dataset settings.

Affected Products

Dataiku DSS in versions before 10.0.8

Mitigation

Dataiku DSS 10.0.8 has been made available to customers to remediate this issue.