Missing Encryption of Sensitive Data in Data Lakehouse - CVE-2024-38302
Published: July 30, 2024
Vulnerability identifier: #VU94847
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-38302
CWE-ID: CWE-311
Exploitation vector: Adjacent network
Exploit availability:
No public exploit available
Vendor: Dell
Affected software:
Data Lakehouse
Detailed vulnerability description
The vulnerability allows a user on the adjacent network to gain access to potentially sensitive information.
The vulnerability exists due to missing encryption of sensitive data in the DDAE (Starburst). A low-privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to information disclosure.
How to mitigate CVE-2024-38302
Install updates from the vendor's website.