Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to.
References
Link | Resource |
---|---|
https://lists.apache.org/thread/3y97nmwm956b6zg3l8dh9oj0w7dj945h | Mailing List |
Configurations
History
11 Sep 2023, 13:46
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:* | |
References | (MISC) https://lists.apache.org/thread/3y97nmwm956b6zg3l8dh9oj0w7dj945h - Mailing List | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
First Time |
Apache
Apache superset |
06 Sep 2023, 13:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-06 13:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-27523
Mitre link : CVE-2023-27523
CVE.ORG link : CVE-2023-27523
JSON object : View
Products Affected
apache
- superset
CWE
CWE-863
Incorrect Authorization