CVE-2023-1158 Information

Description

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3 including 8.3.x expose dashboard prompts to users who are not part of the authorization list. 

Reference

https://support.pentaho.com/hc/en-us/articles/14456024873741-IMPORTANT-Resolved-Pentaho-BA-Server-Incorrect-Authorization-Versions-before-9-4-0-1-and-9-3-0-3-including-8-3-x-Impacted-CVE-2023-1158-