CVE-2023-51717
Description
Dataiku DSS before 11.4.5 and 12.4.1 has Incorrect Access Control that could lead to a full authentication bypass.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CVE-2023-51717 is a critical LDAP authentication bypass in Dataiku DSS before 11.4.5 and 12.4.1, allowing unauthenticated remote attackers to gain full access.
Vulnerability
CVE-2023-51717 is an incorrect access control vulnerability in Dataiku DSS versions before 11.4.5 and 12.4.1. The flaw resides in the LDAP authentication mechanism, where credential verification is insufficient. Affected systems are those that have enabled LDAP support and whose LDAP server is configured to allow "unauthenticated binds" (not to be confused with anonymous binds), a behavior the LDAP specification discourages but which is the default in Microsoft Active Directory. This vulnerability does not affect Dataiku Cloud customers [2].
Exploitation
An attacker with network access to the vulnerable DSS instance can exploit this flaw without any authentication or user interaction. The attack vector is network-based (AV:N) with low attack complexity (AC:L) and no privileges required (PR:N) [1]. The attacker would send crafted LDAP authentication requests that leverage the insufficient credential verification, bypassing the normal authentication flow. The specific steps involve targeting a Dataiku DSS instance that meets the preconditions above (LDAP enabled and an LDAP server that allows unauthenticated binds) and performing a malicious bind attempt [2].
Impact
Successful exploitation leads to a full authentication bypass, granting the attacker complete control over the DSS instance. The CVSS score of 9.8 (Critical) reflects the high impact on confidentiality, integrity, and availability (C:H/I:H/A:H) [2]. The attacker gains the ability to access all data, modify configurations, and potentially execute administrative actions, effectively compromising the entire platform.
Mitigation
Dataiku released fixed versions to remediate this issue: DSS 12.4.1 and DSS 11.4.5. Customers running DSS 12.1.0 or above who also use SSO (where LDAP is only used for provisioning) can mitigate the issue by disabling "Allow user authentication" in the LDAP settings under Admin > Settings > User login & provisioning [2]. Dataiku Cloud customers are not affected. As of the advisory release, no KEV listing was available.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
Dataiku/DSS
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References (2)
News mentions
No linked articles in our index yet.