PT-2025-49540 · Knime · Knime Business Hub
Published
2025-12-08
·
Updated
2026-02-27
·
CVE-2025-14262
CVSS v4.0
5.3
Medium
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/AU:Y/R:U/V:C/RE:M/U:Green |
Name of the Vulnerable Software and Affected Versions
KNIME Business Hub versions prior to 1.17.0
Description
A flaw exists in KNIME Business Hub that, before version 1.17.0, allowed an authenticated user to incorrectly save jobs belonging to other users as if they were the owner. This occurred due to an insufficient permission check before saving jobs. An attacker with access to jobs could potentially save them into spaces where they lacked write permissions, effectively altering ownership.
Recommendations
Update KNIME Business Hub to version 1.17.0 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Knime Business Hub