KNIME Business Hub - Sensitive information disclosure

DATE

07.06.2023

Affected Vendor

KNIME AG

Affected Product

KNIME Business Hub – the enterprise software for data science automation, deploying models, collaborating in teams, and managing workflows. – https://www.knime.com/knime-business-hub

Vulnerable version

versions before 1.4.0

Fixed version

1.4.0

CVSS

5.3 Medium CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Recommendations

Update to KNIME Business Hub version 1.4.0

Vulnerability details

The Web Frontend of KNIME Business Hub before 1.4.0 allows an unauthenticated remote attacker to access internals about the application such as versions, host names, or IP addresses. No personal information or application data was exposed.

CVE

CVE-2023-2541

Credits

Dawid Czarnecki

References

CIRCL CVE – https://cve.circl.lu/cve/CVE-2023-2541
KNIME Security Advisories – https://www.knime.com/security/advisories

Do you think the security of your data might be lacking? Let's find the best approach together.
Once you contact us, we will ask you about the project you want to secure.

Have Any Questions?

KNIME Business Hub – Sensitive information disclosure

NEED A CONSULTATION?

contact@zigrin.com

GPG Key

Get a free consultation