CVE-2025-14262

Jobs can be saved as workflows with wrong permissions on KNIME Business Hub

CVSS 5.3 MEDIUM | EPSS 0.2% | CWE-708
In short

A bug in KNIME Business Hub allowed users to save other people's jobs as if they were the original owner, potentially bypassing security restrictions on where files could be stored.

Technical detail

An improper permission check in KNIME Business Hub < 1.17.0 allows an authenticated attacker to save jobs owned by other users while impersonating the original owner via the catalog service. The vulnerability enables circumvention of write permission controls on shared spaces by leveraging existing read access to target jobs.

Summary generated and translated by AI from the official description.
A wrong permission check in KNIME Business Hub before version 1.17.0 allowed an authenticated user to save jobs of other users as if they were saved by the job owner. The attacker must have permissions to access the jobs but then they were saved into the catalog service using the wrong owner permissions. Therefore it may have been possible to save into spaces where the attacker does not have write permissions. There is no workaround.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/AU:Y/R:U/V:C/RE:M/U:Green
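
A minimal model of the bug class described above, added here as an illustration and not taken from KNIME Business Hub: the flawed save checks write permission for the job owner, the corrected one checks it for the authenticated caller. All names (`Job`, `SPACE_WRITERS`, `save_flawed`, `save_fixed`, `audit`) and the sample users and spaces are constructed assumptions.

```python
from dataclasses import dataclass

# Hypothetical model, not KNIME Business Hub code: all names and data are constructed.
@dataclass(frozen=True)
class Job:
    job_id: str
    owner: str
    readers: frozenset  # users who may access the job

SPACE_WRITERS = {"team-space": {"alice"}, "scratch": {"alice", "bob"}}
JOBS = {"job-1": Job("job-1", "alice", frozenset({"alice", "bob"}))}

def can_write(user, space):
    return user in SPACE_WRITERS.get(space, set())

def save_flawed(caller, job_id, space):
    """Flawed pattern: the write check is made for the job owner, not the caller."""
    job = JOBS[job_id]
    if caller not in job.readers:
        return None
    if not can_write(job.owner, space):  # wrong principal
        return None
    return {"space": space, "job": job_id, "actor": caller, "saved_as": job.owner}

def save_fixed(caller, job_id, space):
    """Corrected pattern: the authenticated caller must hold write permission."""
    job = JOBS[job_id]
    if caller not in job.readers:
        return None
    if not can_write(caller, space):  # caller's own permission
        return None
    return {"space": space, "job": job_id, "actor": caller, "saved_as": caller}

def audit(records):
    """Flag saves whose authenticated actor had no write access to the space."""
    return [r for r in records if not can_write(r["actor"], r["space"])]

if __name__ == "__main__":
    bad = save_flawed("bob", "job-1", "team-space")  # bob can only read the job
    print("flawed:", bad)
    print("fixed: ", save_fixed("bob", "job-1", "team-space"))
    print("audit: ", audit([bad]))
```

The `audit` helper assumes save records keep the authenticated actor separately from the identity the save was performed as, which is what makes a mismatch visible after the fact.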
