Insufficient authorization for Document Extraction¶
Information¶
Advisory ID: DSA-2026-011
CVSS Base Score: 6.5
CVSS String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Severity: Medium
CWE classification: CWE-639
Summary¶
In Dataiku DSS before 14.7.1, insufficient check when extracting the content of a document could allow writing extracted information to another project without write access to that project.
Affected Products¶
Dataiku DSS before 14.7.1
Fix¶
Dataiku 14.7.1 has been made available to customers to remediate this issue.