Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1nNDlqLWo0ODktM3hwZs4AA35g

High EPSS: 0.00125% (0.32574 Percentile) EPSS:
Permalink JSON

Apache Superset incorrect write permissions vulnerability

Affected Packages Affected Versions Fixed Versions
pypi:apache-superset
PURL: pkg:pypi/apache-superset
>= 3.0.0, < 3.0.2, < 2.1.3 3.0.2, 2.1.3
5 Dependent packages
22 Dependent repositories
250,328 Downloads last month

Affected Version Ranges

All affected versions

0.34.0, 0.34.1, 0.35.1, 0.35.2, 0.36.0, 0.37.0, 0.37.1, 0.37.2, 0.38.0, 0.38.1, 1.0.0, 1.0.1, 1.1.0, 1.2.0, 1.3.0, 1.3.1, 1.3.2, 1.4.0, 1.4.1, 1.4.2, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.1.2, 3.0.0, 3.0.1

All unaffected versions

2.1.3, 3.0.2, 3.0.3, 3.0.4, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 4.0.0, 4.0.1, 4.0.2, 4.1.0, 4.1.1, 4.1.2, 4.1.4, 5.0.0

An authenticated Gamma user has the ability to create a dashboard and add charts to it, this user would automatically become one of the owners of the charts allowing him to incorrectly have write permissions to these charts.This issue affects Apache Superset: before 2.1.3, from 3.0.0 before 3.0.2.

Users are recommended to upgrade to version 3.0.2 or 2.1.3, which fixes the issue.

References:

Identifiers

GHSA-g49j-j489-3xpf

CVE-2023-49734

Risk

Severity

High

EPSS

EPSS Percentage: 0.00125

EPSS Percentile: 0.32574

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/apache/superset

Date and time

Published

over 1 year ago

Updated

7 months ago

API

JSON