Insufficient access control on active web content via static insights
Advisory ID: DSA-2023-006
CVSS Base Score: 7.3
CVSS String: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
CWE classification: CWE-269
It was discovered that a user who has the privilege to write code, but not the privilege to write active web content, could still cause active web content to be displayed to other users through the use of static insights.
Dataiku DSS before 12.1.1
Dataiku DSS 12.1.1 has been made available to customers to remediate this issue.