CVE-2018-10732
Published
CVSS v3
N/A
CVSS v2
5
MEDIUM
Affected
1
PROJECT
Description
The REST API in Dataiku DSS before 4.2.3 allows remote attackers to obtain sensitive information (i.e., determine if a username is valid) because of profile pictures visibility.
Dataiku REST-API by default the software, allows anonymous access to functionality that allows an attacker to know valid users.
GitHub