CVE-2023-27523

Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to.

CVSS v3 5.0 MEDIUM

5.0^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.1 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://lists.apache.org/thread/3y97nmwm956b6zg3l8dh9oj0w7dj945h	Mailing List
https://lists.apache.org/thread/3y97nmwm956b6zg3l8dh9oj0w7dj945h	Mailing List

Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:53

Type	Values Removed	Values Added
References	~~() https://lists.apache.org/thread/3y97nmwm956b6zg3l8dh9oj0w7dj945h - Mailing List~~	() https://lists.apache.org/thread/3y97nmwm956b6zg3l8dh9oj0w7dj945h - Mailing List
CVSS	v2 : ~~unknown~~ v3 : ~~4.3~~	v2 : unknown v3 : 5.0

11 Sep 2023, 13:46

Type	Values Removed	Values Added
References	~~(MISC) https://lists.apache.org/thread/3y97nmwm956b6zg3l8dh9oj0w7dj945h -~~	(MISC) https://lists.apache.org/thread/3y97nmwm956b6zg3l8dh9oj0w7dj945h - Mailing List
First Time		Apache Apache superset
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.3
CPE		cpe:2.3:a:apache:superset::::::::

06 Sep 2023, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-09-06 13:15

Updated : 2024-11-21 07:53

NVD link : CVE-2023-27523

Mitre link : CVE-2023-27523

CVE.ORG link : CVE-2023-27523

JSON object : View

Products Affected

apache

superset

CWE

CWE-863

Incorrect Authorization

{"id": "CVE-2023-27523", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@apache.org", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.0, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.1}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2023-09-06T13:15:08.017", "references": [{"url": "https://lists.apache.org/thread/3y97nmwm956b6zg3l8dh9oj0w7dj945h", "tags": ["Mailing List"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread/3y97nmwm956b6zg3l8dh9oj0w7dj945h", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "Improper data authorization check on Jinja templated queries in Apache Superset\u00a0up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to.\n\n"}, {"lang": "es", "value": "La verificaci\u00f3n incorrecta de la autorizaci\u00f3n de datos en las consultas con la plantilla de Jinja en Apache Superset hasta la versi\u00f3n 2.1.0 incluida permite que un usuario autenticado emita consultas en tablas de bases de datos a las que quiz\u00e1s no tenga acceso.\n"}], "lastModified": "2024-11-21T07:53:05.643", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5C7318E-1118-457F-A2BC-8B9400AE7C3C", "versionEndIncluding": "2.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}