KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 ( a.k.a IngressNightmare ) vulnerability which affects the ingress-nginx component. In the worst case a complete takeover of the Kubernetes cluster is possible. Since the affected component is only reachable from within the cluster, i.e. requires an authenticated user, the severity in the context of KNIME Business Hub is slightly lower. Besides applying the publicly known workarounds, we strongly recommend updating to one of the following versions of KNIME Business Hub: * 1.13.3 or above * 1.12.4 or above * 1.11.4 or above * 1.10.4 or above *
oryginał ENCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:AmberKnime Business Hub
APPKnime1.10.0 – 1.10.4 (bez)1.11.0 – 1.11.4 (bez)1.12.0 – 1.12.4 (bez)1.13.0 – 1.13.3 (bez)
Powiązane podatności
A hard-coded, non-random password for the object store (minio) of KNIME Business Hub in all versions except th...
A denial-of-service attack is possible through the execution functionality of KNIME Business Hub 1.10.0 and 1....
A wrong permission check in KNIME Business Hub before version 1.17.0 allowed an authenticated user to save job...
An open redirect vulnerability existed in KNIME Business Hub prior to version 1.16.0. An unauthenticated remot...
KNIME Business Hub is affected by several cross-site scripting vulnerabilities in its web pages. If a user cli...