alt3kx/CVE-2018-10732
GitHub
Releases0
Dataiku REST-API by default the software, allows anonymous access to functionality that allows an attacker to know valid users.
CVE History
| CVE | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|
| — | 5 MEDIUM | ||
The REST API in Dataiku DSS before 4.2.3 allows remote attackers to obtain sensitive information (i.e., determine if a username is valid) because of profile pictures visibility. | |||