Improper parsing of nested SQL statements on SQLLab would allow authenticated users to surpass their data authorization scope.
This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.
Users are recommended to upgrade to version 3.1.1, which fixes the issue.
References
Configurations
No configuration.
History
28 Feb 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-28 12:15
Updated : 2024-02-28 15:15
NVD link : CVE-2024-24773
Mitre link : CVE-2024-24773
CVE.ORG link : CVE-2024-24773
JSON object : View
Products Affected
No product.
CWE
CWE-863
Incorrect Authorization