CVE-2023-27523 – apache-superset
Package
Manager: pip
Name: apache-superset
Vulnerable Version: >=0 <=2.1.0
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00053 (percentile: 0.16553)
Details
Apache Superset vulnerable to improper data authorization
Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to.
Metadata
Created: 2023-09-06T15:30:26Z
Modified: 2023-09-07T13:59:24Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/09/GHSA-v594-2c97-hx38/GHSA-v594-2c97-hx38.json
CWE IDs: ["CWE-863"]
Alternative ID: GHSA-v594-2c97-hx38
Finding: F006
Auto approve: 1