CVE-2020-8817 : Dataiku DSS before 6.0.5 allows attackers write access to the project to modify the "Created by" metadata.

Dataiku DSS before 6.0.5 allows attackers write access to the project to modify the "Created by" metadata.

Published 2020-09-14 14:15:11

Updated 2020-09-18 15:27:29

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2020-8817

Probability of exploitation activity in the next 30 days: 0.08%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 34 % EPSS Score History EPSS FAQ

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:N	8.0	4.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None
8.1	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N	2.8	5.2	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: None

https://doc.dataiku.com/dss/latest/security/advisories/cve-2020-8817.html

Ability to tamper with creation and ownership metadata — Dataiku DSS 8.0 documentation
Vendor Advisory
https://doc.dataiku.com/dss/latest/release_notes/6.0.htm

404 Not Found
Broken Link

Dataiku » Data Science Studio
Versions before (<) 6.0.5
cpe:2.3:a:dataiku:data_science_studio:*:*:*:*:*:*:*:*
Matching versions