CVE-2018-10732

MEDIUM

Dataiku Data Science Studio < 4.2.3 - Unauthenticated Sensitive Information Exposure via Profile Picture Visibility

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-10732. PoCs published by alt3kx.

AI-analyzed exploit summary This repository contains a README file describing CVE-2018-10732, a vulnerability in Dataiku DSS, with references to the vendor's patch and credits. No exploit code is present.

Description

The REST API in Dataiku DSS before 4.2.3 allows remote attackers to obtain sensitive information (i.e., determine if a username is valid) because of profile pictures visibility.

Exploits (1)

nomisec WRITEUP
by alt3kx · poc
https://github.com/alt3kx/CVE-2018-10732

This repository contains a README file describing CVE-2018-10732, a vulnerability in Dataiku DSS, with references to the vendor's patch and credits. No exploit code is present.

Classification
Writeup 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: Dataiku DSS
No auth needed
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory x_refsource_misc
https://github.com/alt3kx/CVE-2018-10732
Release Notes, Vendor Advisory x_refsource_misc
https://doc.dataiku.com/dss/latest/release_notes/4.2.html#security

Scores

CVSS v3 5.3
EPSS 0.0161
EPSS Percentile 72.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-200
Status published
Products (1)
dataiku/data_science_studio < 4.2.3
Published May 28, 2018
Tracked Since Feb 18, 2026