Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS12NTk0LTJjOTctaHgzOM4AA1ut
Apache Superset vulnerable to improper data authorization
Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to.
Permalink: https://github.com/advisories/GHSA-v594-2c97-hx38JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12NTk0LTJjOTctaHgzOM4AA1ut
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 8 months ago
Updated: 6 months ago
CVSS Score: 5.0
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Identifiers: GHSA-v594-2c97-hx38, CVE-2023-27523
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-27523
- https://lists.apache.org/thread/3y97nmwm956b6zg3l8dh9oj0w7dj945h
- https://github.com/advisories/GHSA-v594-2c97-hx38
Affected Packages
pypi:apache-superset
Dependent packages: 5Dependent repositories: 22
Downloads: 158,267 last month
Affected Version Ranges: <= 2.1.0
No known fixed version
All affected versions: 0.34.0, 0.34.1, 0.35.1, 0.35.2, 0.36.0, 0.37.0, 0.37.1, 0.37.2, 0.38.0, 0.38.1, 1.0.0, 1.0.1, 1.1.0, 1.2.0, 1.3.0, 1.3.1, 1.3.2, 1.4.0, 1.4.1, 1.4.2, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 2.0.0, 2.0.1, 2.1.0