CVE-2024-57971

Name of the Vulnerable Software and Affected Versions Knowage Server versions prior to 8.1.30

Description The issue arises from the DataSourceResource.java in the SpagoBI API support, which does not ensure that java:comp/env/jdbc/ occurs at the beginning of a JNDI Name. This could allow an authenticated attacker with high privileges to manipulate JNDI resource identifiers.

Recommendations For versions prior to 8.1.30, update to version 8.1.30 or later to resolve the issue. As a temporary workaround, consider restricting access to the SpagoBI API support to minimize the risk of exploitation.