Insufficient access control on active web content via static insights


  • Advisory ID: DSA-2023-006

  • CVSS Base Score: 7.3

  • CVSS String: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

  • Severity: High

  • CWE classification: CWE-269


It was discovered that a user who has the privilege to write code, but not the privilege to write active web content, could still cause active web content to be displayed to other users through the use of static insights.

Affected Products

  • Dataiku DSS before 12.1.1


Dataiku DSS 12.1.1 has been made available to customers to remediate this issue.