CVE-2018-10732

MEDIUM

Dataiku Data Science Studio < 4.2.3 - Information Disclosure

Title source: rule

Description

The REST API in Dataiku DSS before 4.2.3 allows remote attackers to obtain sensitive information (i.e., determine if a username is valid) because of profile pictures visibility.

Exploits (1)

nomisec WRITEUP

by alt3kx · poc

https://github.com/alt3kx/CVE-2018-10732

View Code ZIP pw:eip

References (2)

Core 2

Core References

Third Party Advisory x_refsource_misc

https://github.com/alt3kx/CVE-2018-10732

Release Notes, Vendor Advisory x_refsource_misc

https://doc.dataiku.com/dss/latest/release_notes/4.2.html#security

Scores

CVSS v3 5.3

EPSS 0.0050

EPSS Percentile 66.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-200

Status published

Products (1)

dataiku/data_science_studio < 4.2.3

Published May 28, 2018

Tracked Since Feb 18, 2026