PT-2024-5198 · Dell+1 · Dell Data Lakehouse+1

Published 2024-07-18 · Updated 2024-07-19 · CVE-2024-38302

CVSS v3.1: 6.8 Medium

Vector: AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Dell Data Lakehouse version 1.0.0.0
Description: The issue is related to a Missing Encryption of Sensitive Data vulnerability in the DDAE (Starburst) component. This could allow a low-privileged attacker with adjacent network access to potentially exploit the vulnerability, leading to information disclosure. The vulnerability is associated with a lack of encryption measures for data, which could enable a remote attacker to disclose protected information.
Recommendations: For Dell Data Lakehouse version 1.0.0.0, consider implementing encryption for sensitive data in the DDAE (Starburst) component to prevent information disclosure. As a temporary workaround, restrict access to sensitive data until a proper encryption mechanism is in place.

Fix

Missing Encryption of Sensitive Data

Weakness Enumeration

Related Identifiers

BDU:2024-05755
CVE-2024-38302

Affected Products

Ddae
Dell Data Lakehouse