Primary

Context

KNIME Business Hub Wrong Permission Check Vulnerability Allowing Unauthorized Job Ownership Attribution

Vulnerability

Patched

A vulnerability in KNIME Business Hub prior to version 1.17.0 allows authenticated users to save jobs from other users under the original job owner's name. This issue arises from an incorrect permission check, which enabled jobs to be saved in the catalog service with the wrong owner permissions. As a result, it may have been possible to save jobs in spaces where the user did not have write permissions. The vulnerability requires access to the jobs being manipulated.

Impact

Exploitation of this vulnerability could lead to unauthorized modification of job ownership, potentially allowing users to save jobs in restricted spaces.

Remediation

Users are advised to update to KNIME Business Hub version 1.17.0 or later.

Added: Dec 8, 2025, 10:18 AM

Updated: Dec 8, 2025, 10:18 AM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

0.6

exploitability

5.2

remediation

7.7

relevance

1.3

threat

0.0

urgency

1.4

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

0.6

exploitability

5.2

remediation

7.7

relevance

1.3

threat

0.0

urgency

1.4

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

KNIME Business Hub Wrong Permission Check Vulnerability Allowing Unauthorized Job Ownership Attribution

Vulnerability

Impact

Remediation

Affected Products

KNIME Business Hub

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating