An improper default REST API permission for Gamma users in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test database connections.
References
Link | Resource |
---|---|
https://github.com/apache/superset/pull/24185 | Patch |
https://lists.apache.org/thread/tt6s6hm8nv6s11z8bfsk3r3d9ov0ogw3 | Mailing List |
Configurations
History
19 Oct 2023, 18:47
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/apache/superset/pull/24185 - Patch |
17 Oct 2023, 08:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
CWE | CWE-863 |
11 Sep 2023, 14:25
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-281 | |
References | (MISC) https://lists.apache.org/thread/tt6s6hm8nv6s11z8bfsk3r3d9ov0ogw3 - Mailing List | |
First Time |
Apache
Apache superset |
|
CPE | cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
06 Sep 2023, 13:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-06 13:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-36387
Mitre link : CVE-2023-36387
CVE.ORG link : CVE-2023-36387
JSON object : View
Products Affected
apache
- superset
CWE
CWE-863
Incorrect Authorization