CVE-2024-24779

Apache Superset with custom roles that include `can write on dataset` and without all data access permissions, allows for users to create virtual datasets to data they don't have access to. These users could then use those virtual datasets to get access to unauthorized data. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.
Configurations

No configuration.

History

28 Feb 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-28 12:15

Updated : 2024-02-28 15:15


NVD link : CVE-2024-24779

Mitre link : CVE-2024-24779

CVE.ORG link : CVE-2024-24779


JSON object : View

Products Affected

No product.

CWE
CWE-863

Incorrect Authorization