Race condition on UIF can lead to account takeover¶
Advisory ID: DSA-2022-023
CVSS Base Score: 8.8
CVSS String: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE classification: CWE-367
It was discovered that a race condition User Isolation impersonated execution could lead to the ability for an attacker to take over another user’s UNIX account.
Dataiku DSS before 11.1.4
Dataiku DSS 11.1.4 has been made available to customers to remediate this issue