Version: current [24.2.x]

Security Bulletins

Dremio publishes security bulletins that disclose vulnerabilities found in our supported products to inform customers about risks that may be present in their production environments.

Security bulletins are usually published when fixes are available in the affected products. In some cases, we may disclose a vulnerability before the fix is available.

Security bulletins include the following information:

Type
Qualitative rating as determined by CVSSv3.1 analysis
Issue description
Issue impact
Available mitigations or fixes

Bulletin	Type	CVSS Rating	Subject	Description
2023-07-22-01	Vulnerability	Medium	Security Update	Potential unintended user access to restricted data as a result of previously-executed cached plans.
2023-07-22-02	Vulnerability	Medium	Security Update	Potential unintended user access to restricted data as a result of accelerated DML operation.
2023-07-22-03	Vulnerability	Medium	Security Update	Potential unintended user access to restricted data as a result of previously cached view.