CVE-2023-3140

Name of the Vulnerable Software and Affected Versions KNIME Business Hub versions prior to 1.4.0

Description The issue is related to missing HTTP headers, specifically X-Frame-Options and Content-Security-Policy, in KNIME Business Hub. This omission leaves users vulnerable to clickjacking attacks. Clickjacking is a type of attack where an attacker uses a transparent iframe to trick a user into clicking on an actionable item, such as a button or link, on a different server that has an identical webpage. The attacker essentially hijacks the user's activity intended for the original server and redirects it to another server.

Recommendations For versions prior to 1.4.0, update to version 1.4.0 or later to resolve the issue. As a temporary workaround, consider implementing additional security measures to prevent clickjacking attacks, such as configuring the X-Frame-Options and Content-Security-Policy headers manually. Restrict access to sensitive areas of the application to minimize the risk of exploitation.