Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS03amhnLThtNzQtNmY2Z84AAy0X
Apache Superset vulnerable to Improper Authorization
An authenticated user with Gamma role authorization could have access to metadata information using non trivial methods in Apache Superset up to and including 2.0.1
Permalink: https://github.com/advisories/GHSA-7jhg-8m74-6f6gJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03amhnLThtNzQtNmY2Z84AAy0X
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 1 year ago
Updated: almost 1 year ago
CVSS Score: 4.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-7jhg-8m74-6f6g, CVE-2023-27525
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-27525
- https://lists.apache.org/thread/wpv7b17zjg2pmvpfkdd6nn8sco8y2q77
- https://github.com/advisories/GHSA-7jhg-8m74-6f6g
Affected Packages
pypi:apache-superset
Dependent packages: 5Dependent repositories: 22
Downloads: 157,096 last month
Affected Version Ranges: <= 2.0.1
No known fixed version
All affected versions: 0.34.0, 0.34.1, 0.35.1, 0.35.2, 0.36.0, 0.37.0, 0.37.1, 0.37.2, 0.38.0, 0.38.1, 1.0.0, 1.0.1, 1.1.0, 1.2.0, 1.3.0, 1.3.1, 1.3.2, 1.4.0, 1.4.1, 1.4.2, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 2.0.0, 2.0.1