CVE-2023-27525 – apache-superset

Package

Manager: pip
Name: apache-superset
Vulnerable Version: >=0 <=2.0.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00124 pctl0.32344

Details

Apache Superset vulnerable to Improper Authorization An authenticated user with Gamma role authorization could have access to metadata information using non trivial methods in Apache Superset up to and including 2.0.1

Metadata

Created: 2023-04-17T18:30:28Z
Modified: 2023-04-27T21:46:44Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-7jhg-8m74-6f6g/GHSA-7jhg-8m74-6f6g.json
CWE IDs: ["CWE-863"]
Alternative ID: GHSA-7jhg-8m74-6f6g
Finding: F006
Auto approve: 1