Insufficient authorization for Document Extraction¶
Information¶
Advisory ID: DSA-2026-010
CVSS Base Score: 6.5
CVSS String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: Medium
CWE classification: CWE-639
Summary¶
In Dataiku DSS before 14.7.1, insufficient check when extracting the content of a document could allow extraction of information from a document from another project without access to that project.
Affected Products¶
Dataiku DSS before 14.7.1
Fix¶
Dataiku 14.7.1 has been made available to customers to remediate this issue.