CVE-2025-14262

Medium CVSS: 5.3

A wrong permission check in KNIME Business Hub before version 1.17.0 allowed an authenticated user to save jobs of other users as if there were saved by the job owner. The attacker must have permissions to access the jobs but then they were saved into the catalog service using the wrong owner permissions. Therefore it may have been possible to save into spaces where the attacker does not have write permissions.

There is no workaround.

Vendor

Knime

Product

Business Hub

CWE

CWE-708

Yayın Tarihi

2025-12-08 10:16:01

Güncelleme

2026-02-27 03:38:57

Source Identifier

security@knime.com

KEV Date Added

Kategoriler

CWE-708 Business Hub MEDIUM Knime 2025

Referanslar

https://www.knime.com/security/advisories#CVE-2025-11239

Benzer Kayıtlar

Low

CVE-2025-11239

Potentially sensitive information in jobs on KNIME Business Hub prior to 1.16.0 were visible to all members of the user'…

Medium

CVE-2025-11240

An open redirect vulnerability existed in KNIME Business Hub prior to version 1.16.0. An unauthenticated remote attacker…

Medium

CVE-2025-3019

KNIME Business Hub is affected by several cross-site scripting vulnerabilities in its web pages. If a user clicks on a m…

High

CVE-2025-2402

A hard-coded, non-random password for the object store (minio) of KNIME Business Hub in all versions except the ones lis…

High

CVE-2025-2787

KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 ( a.k.a IngressNightmare ) vulnerability which affects…