CVE-2025-11239 | THREATINT

Description

Potentially sensitive information in jobs on KNIME Business Hub prior to 1.16.0 were visible to all members of the user's team. Starting with KNIME Business Hub 1.16.0 only metadata of jobs is shown to team members. Only the creator of a job can see all information including in- and output data (if present).

PUBLISHED Reserved 2025-10-02 | Published 2025-10-02 | Updated 2025-10-02 | Assigner KNIME

LOW: 2.3CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/U:Green

Problem types

CWE-863 Incorrect Authorization

Product status

Default status

unaffected

Any version before 1.16.0

affected

1.16.0

unaffected

Credits

Zigrin finder

References

www.knime.com/security/advisories

cve.org (CVE-2025-11239)

nvd.nist.gov (CVE-2025-11239)

Download JSON