CVE-2025-11239

Low CVSS: 2.3

Potentially sensitive information in jobs on KNIME Business Hub prior to 1.16.0 were visible to all members of the user's team. Starting with KNIME Business Hub 1.16.0 only metadata of jobs is shown to team members. Only the creator of a job can see all information including in- and output data (if present).

Vendor

Knime

Product

Business Hub

CWE

CWE-863

Yayın Tarihi

2025-10-02 13:15:31

Güncelleme

2025-10-08 17:17:38

Source Identifier

security@knime.com

KEV Date Added

Kategoriler

CWE-863 Business Hub LOW Knime 2025

Referanslar

https://www.knime.com/security/advisories

Benzer Kayıtlar

Medium

CVE-2025-14262

A wrong permission check in KNIME Business Hub before version 1.17.0 allowed an authenticated user to save jobs of other…

Medium

CVE-2025-11240

An open redirect vulnerability existed in KNIME Business Hub prior to version 1.16.0. An unauthenticated remote attacker…

Medium

CVE-2025-3019

KNIME Business Hub is affected by several cross-site scripting vulnerabilities in its web pages. If a user clicks on a m…

High

CVE-2025-2402

A hard-coded, non-random password for the object store (minio) of KNIME Business Hub in all versions except the ones lis…

High

CVE-2025-2787

KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 ( a.k.a IngressNightmare ) vulnerability which affects…