CVE-2023-46124 (fides)

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, and the enforcement of privacy regulations in code. The Fides web application allows a custom integration to be uploaded as a ZIP file containing configuration and dataset definitions in YAML format. It was discovered that specially crafted YAML dataset and config files allow a malicious user to perform arbitrary requests to internal systems and exfiltrate data outside the environment (also known as …

application code configuration cve data data privacy dataset definitions enforcement engineering environments file integration platform privacy privacy regulations regulations requests runtime web web application yaml zip