Masseb974

**Name of the Vulnerable Software and Affected Versions** Knowage Server versions prior to 8.1.30 **Description** The issue arises from the DataSourceResource.java in the SpagoBI API support, which does not ensure that `java:comp/env/jdbc/` occurs at the beginning of a JNDI Name. This could allow an authenticated attacker with high privileges to manipulate JNDI resource identifiers. **Recommendations** For versions prior to 8.1.30, update to version 8.1.30 or later to resolve the issue. As a temporary workaround, consider restricting access to the SpagoBI API support to minimize the risk of exploitation.