Dataiku · Dataiku Dss · CVE-2021-27225
Name of the Vulnerable Software and Affected Versions:
Dataiku DSS versions prior to 8.0.6
Description:
The issue is related to insufficient access control in the Jupyter notebooks integration, allowing users with coding permissions to read and overwrite notebooks in projects they are not authorized to access.
Recommendations:
For versions prior to 8.0.6, update to version 8.0.6 or later to resolve the issue. As a temporary workaround, consider restricting coding permissions to authorized users or limiting access to sensitive projects until the update is applied.