PT-2024-20071 · Dremio · Dremio

Published 2024-01-21 · Updated 2024-07-01 · CVE-2024-23768

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Dremio versions 22.0.0 through 22.2.2
Dremio versions 23.0.0 through 23.2.3
Dremio versions 24.0.0 through 24.3.0

Description

The issue allows an authenticated user with no privileges on certain folders to access these folders, files, and datasets. To be successful, the user must have access to the source and at least one folder in the source.

Recommendations

For versions 22.0.0 through 22.2.2, update to version 22.2.3 or later.
For versions 23.0.0 through 23.2.3, update to version 23.2.4 or later.
For versions 24.0.0 through 24.3.0, update to version 24.3.1 or later.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

BIT-DREMIO-2024-23768
CVE-2024-23768

Affected Products

Dremio