Vulnerabilites related to Apache Software Foundation - Apache Superset
cve-2023-30776
Vulnerability from cvelistv5
Published
2023-04-24 15:29
Modified
2024-10-21 15:08
Severity ?
EPSS score ?
Summary
An authenticated user with specific data permissions could access database connections stored passwords by requesting a specific REST API. This issue affects Apache Superset version 1.3.0 up to 2.0.1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: 1.3.0 ≤ 2.0.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:37:15.407Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/s9w9w10mt2sngk3solwnmq5k7md53tsz", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/04/24/3", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-30776", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-21T15:08:45.861844Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-21T15:08:55.113Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThanOrEqual: "2.0.1", status: "affected", version: "1.3.0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Naveen Sunkavally (Horizon3.ai) (finder)", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "An authenticated user with specific data permissions could access database connections stored passwords by requesting a specific REST API. This issue affects Apache Superset version 1.3.0 up to 2.0.1.", }, ], value: "An authenticated user with specific data permissions could access database connections stored passwords by requesting a specific REST API. This issue affects Apache Superset version 1.3.0 up to 2.0.1.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-522", description: "CWE-522 Insufficiently Protected Credentials", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-15T07:29:50.245Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/s9w9w10mt2sngk3solwnmq5k7md53tsz", }, { url: "http://www.openwall.com/lists/oss-security/2023/04/24/3", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Superset: Database connection password leak", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-30776", datePublished: "2023-04-24T15:29:53.498Z", dateReserved: "2023-04-17T11:47:18.487Z", dateUpdated: "2024-10-21T15:08:55.113Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-28148
Vulnerability from cvelistv5
Published
2024-05-07 13:33
Modified
2024-08-02 00:48
Severity ?
EPSS score ?
Summary
An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request.This issue affects Apache Superset: before 3.1.2.
Users are recommended to upgrade to version 3.1.2 or above, which fixes the issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/n27wlbd05oc6bgjh28d5pxzsrrph8dgo | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: 0 ≤ |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28148", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-09T18:25:54.631377Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:03:19.183Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T00:48:49.154Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/n27wlbd05oc6bgjh28d5pxzsrrph8dgo", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThan: "3.1.2", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "remediation developer", value: "Daniel Pedro Vaz Gaspar", }, { lang: "en", type: "finder", value: "Krishna Nadh", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request.</span></span><p>This issue affects Apache Superset: before 3.1.2.</p><p>Users are recommended to upgrade to version 3.1.2 or above, which fixes the issue.</p>", }, ], value: "An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request.This issue affects Apache Superset: before 3.1.2.\n\nUsers are recommended to upgrade to version 3.1.2 or above, which fixes the issue.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-863", description: "CWE-863 Incorrect Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-08T08:31:49.341Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/n27wlbd05oc6bgjh28d5pxzsrrph8dgo", }, ], source: { discovery: "EXTERNAL", }, title: "Apache Superset: Incorrect datasource authorization on explore REST API ", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2024-28148", datePublished: "2024-05-07T13:33:42.137Z", dateReserved: "2024-03-05T16:22:48.531Z", dateUpdated: "2024-08-02T00:48:49.154Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-27523
Vulnerability from cvelistv5
Published
2023-09-06 12:55
Modified
2024-09-26 15:24
Severity ?
EPSS score ?
Summary
Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/3y97nmwm956b6zg3l8dh9oj0w7dj945h | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: 0 ≤ 2.1.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T12:16:35.538Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/3y97nmwm956b6zg3l8dh9oj0w7dj945h", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-27523", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T14:49:47.172075Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T15:24:13.311Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThanOrEqual: "2.1.0", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Jingjing Hu", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to.<br><br>", }, ], value: "Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-863", description: "CWE-863 Incorrect Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-06T12:55:31.286Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/3y97nmwm956b6zg3l8dh9oj0w7dj945h", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Superset: Improper data permission validation on Jinja templated queries", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-27523", datePublished: "2023-09-06T12:55:31.286Z", dateReserved: "2023-03-02T12:54:40.810Z", dateUpdated: "2024-09-26T15:24:13.311Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-32609
Vulnerability from cvelistv5
Published
2021-10-18 14:30
Modified
2024-08-03 23:25
Severity ?
EPSS score ?
Summary
Apache Superset up to and including 1.1 does not sanitize titles correctly on the Explore page. This allows an attacker with Explore access to save a chart with a malicious title, injecting html (including scripts) into the page.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: unspecified < |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T23:25:30.488Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread.html/r2c09254e98b4f8b3deb422762bd0e2aa6d743b72d96c2f90cbaae31a%40%3Cdev.superset.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThanOrEqual: "1.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Apache Superset team would like to thank Oscar Arnflo for reporting this issue", }, ], descriptions: [ { lang: "en", value: "Apache Superset up to and including 1.1 does not sanitize titles correctly on the Explore page. This allows an attacker with Explore access to save a chart with a malicious title, injecting html (including scripts) into the page.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Cross-site Scripting (XSS)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-10-18T14:30:12", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread.html/r2c09254e98b4f8b3deb422762bd0e2aa6d743b72d96c2f90cbaae31a%40%3Cdev.superset.apache.org%3E", }, ], source: { discovery: "UNKNOWN", }, title: "XSS vulnerability on Explore page", x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2021-32609", STATE: "PUBLIC", TITLE: "XSS vulnerability on Explore page", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Superset", version: { version_data: [ { version_affected: "<=", version_value: "1.1", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, credit: [ { lang: "eng", value: "Apache Superset team would like to thank Oscar Arnflo for reporting this issue", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Apache Superset up to and including 1.1 does not sanitize titles correctly on the Explore page. This allows an attacker with Explore access to save a chart with a malicious title, injecting html (including scripts) into the page.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: [ {}, ], problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-79 Cross-site Scripting (XSS)", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread.html/r2c09254e98b4f8b3deb422762bd0e2aa6d743b72d96c2f90cbaae31a%40%3Cdev.superset.apache.org%3E", refsource: "MISC", url: "https://lists.apache.org/thread.html/r2c09254e98b4f8b3deb422762bd0e2aa6d743b72d96c2f90cbaae31a%40%3Cdev.superset.apache.org%3E", }, ], }, source: { discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2021-32609", datePublished: "2021-10-18T14:30:12", dateReserved: "2021-05-12T00:00:00", dateUpdated: "2024-08-03T23:25:30.488Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-43717
Vulnerability from cvelistv5
Published
2023-01-16 10:08
Modified
2025-04-04 13:54
Severity ?
EPSS score ?
Summary
Dashboard rendering does not sufficiently sanitize the content of markdown components leading to possible XSS attack vectors that can be performed by authenticated users with create dashboard permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/g6zy6vkpvkbj5mj32vmyzwol5ldtg9pl | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: 2.0.0 ≤ Version: 0 ≤ 1.5.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:40:06.130Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/g6zy6vkpvkbj5mj32vmyzwol5ldtg9pl", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2022-43717", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-04-04T13:51:44.406622Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-04-04T13:54:56.210Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.0.1", status: "affected", version: "2.0.0", versionType: "semver", }, { lessThanOrEqual: "1.5.2", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Vladimir Razov (Positive Technologies)", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Dashboard rendering does not sufficiently sanitize the content of markdown components leading to possible XSS attack vectors that can be performed by authenticated users with create dashboard permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.", }, ], value: "Dashboard rendering does not sufficiently sanitize the content of markdown components leading to possible XSS attack vectors that can be performed by authenticated users with create dashboard permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.", }, ], metrics: [ { other: { content: { text: "low", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-02T10:14:22.300Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/g6zy6vkpvkbj5mj32vmyzwol5ldtg9pl", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Superset: Cross-Site Scripting on dashboards", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2022-43717", datePublished: "2023-01-16T10:08:04.670Z", dateReserved: "2022-10-24T10:10:44.950Z", dateUpdated: "2025-04-04T13:54:56.210Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36387
Vulnerability from cvelistv5
Published
2023-09-06 12:19
Modified
2024-09-26 18:10
Severity ?
EPSS score ?
Summary
An improper default REST API permission for Gamma users in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test database connections.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/tt6s6hm8nv6s11z8bfsk3r3d9ov0ogw3 | vendor-advisory | |
| https://github.com/apache/superset/pull/24185 | patch |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: 0 ≤ 2.1.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:45:56.364Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/tt6s6hm8nv6s11z8bfsk3r3d9ov0ogw3", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/apache/superset/pull/24185", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-36387", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T18:00:10.551029Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T18:10:35.983Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThanOrEqual: "2.1.0", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Miguel Segovia Gil", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "An improper default REST API permission for Gamma users in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test database connections.<br>", }, ], value: "An improper default REST API permission for Gamma users in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test database connections.\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-863", description: "CWE-863 Incorrect Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-17T07:53:19.055Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/tt6s6hm8nv6s11z8bfsk3r3d9ov0ogw3", }, { tags: [ "patch", ], url: "https://github.com/apache/superset/pull/24185", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Superset: Improper API permission for low privilege users", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-36387", datePublished: "2023-09-06T12:19:39.908Z", dateReserved: "2023-06-21T14:06:35.892Z", dateUpdated: "2024-09-26T18:10:35.983Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-34693
Vulnerability from cvelistv5
Published
2024-06-20 08:51
Modified
2025-02-21 16:55
Severity ?
EPSS score ?
Summary
Improper Input Validation vulnerability in Apache Superset, allows for an authenticated attacker to create a MariaDB connection with local_infile enabled. If both the MariaDB server (off by default) and the local mysql client on the web server are set to allow for local infile, it's possible for the attacker to execute a specific MySQL/MariaDB SQL command that is able to read files from the server and insert their content on a MariaDB database table.This issue affects Apache Superset: before 3.1.3 and version 4.0.0
Users are recommended to upgrade to version 4.0.1 or 3.1.3, which fixes the issue.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: 0 ≤ Version: 4.0.0 ≤ |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-34693", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-20T12:55:23.313212Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-21T16:55:58.529Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:59:22.089Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/1803x1s34m7r71h1k0q1njol8k6fmyon", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/06/20/1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThan: "3.1.3", status: "affected", version: "0", versionType: "semver", }, { lessThan: "4.0.1", status: "affected", version: "4.0.0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Matei \"Mal\" Badanoiu", }, { lang: "en", type: "remediation developer", value: "Daniel Vaz Gaspar", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Improper Input Validation vulnerability in Apache Superset, allows for an authenticated attacker to create a MariaDB connection with local_infile enabled. If both the MariaDB server (off by default) and the local mysql client on the web server are set to allow for local infile, it's possible for the attacker to execute a specific MySQL/MariaDB SQL command that is able to read files from the server and insert their content on a MariaDB database table.<p>This issue affects Apache Superset: before 3.1.3 and version 4.0.0</p><p>Users are recommended to upgrade to version 4.0.1 or 3.1.3, which fixes the issue.</p>", }, ], value: "Improper Input Validation vulnerability in Apache Superset, allows for an authenticated attacker to create a MariaDB connection with local_infile enabled. If both the MariaDB server (off by default) and the local mysql client on the web server are set to allow for local infile, it's possible for the attacker to execute a specific MySQL/MariaDB SQL command that is able to read files from the server and insert their content on a MariaDB database table.This issue affects Apache Superset: before 3.1.3 and version 4.0.0\n\nUsers are recommended to upgrade to version 4.0.1 or 3.1.3, which fixes the issue.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-20T08:55:06.253Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/1803x1s34m7r71h1k0q1njol8k6fmyon", }, { url: "http://www.openwall.com/lists/oss-security/2024/06/20/1", }, ], source: { discovery: "EXTERNAL", }, title: "Apache Superset: Server arbitrary file read", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2024-34693", datePublished: "2024-06-20T08:51:55.329Z", dateReserved: "2024-05-07T08:15:34.898Z", dateUpdated: "2025-02-21T16:55:58.529Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-53947
Vulnerability from cvelistv5
Published
2024-12-09 13:35
Modified
2024-12-09 15:05
Severity ?
EPSS score ?
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Superset. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. This issue is a follow-up to CVE-2024-39887 with additional disallowed PostgreSQL functions now included: query_to_xml_and_xmlschema, table_to_xml, table_to_xml_and_xmlschema.
This issue affects Apache Superset: <4.1.0.
Users are recommended to upgrade to version 4.1.0, which fixes the issue or add these Postgres functions to the config set DISALLOWED_SQL_FUNCTIONS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/hj3gfsjh67vqw12nlrshlsym4bkopjmn | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: 0 ≤ |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-53947", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-09T15:05:04.575998Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-09T15:05:21.361Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThan: "4.1.0", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "Iván Arce (Quarkslab)", }, { lang: "en", type: "remediation developer", value: "Daniel Gaspar", }, { lang: "en", type: "finder", value: "Mathieu Farrell (Quarkslab)", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Superset. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. This issue is a follow-up to CVE-2024-39887 with additional disallowed PostgreSQL functions now included: query_to_xml_and_xmlschema, table_to_xml, table_to_xml_and_xmlschema.</p><p>This issue affects Apache Superset: <4.1.0.</p><p>Users are recommended to upgrade to version 4.1.0, which fixes the issue or add these Postgres functions to the config set DISALLOWED_SQL_FUNCTIONS.</p>", }, ], value: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Superset. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. This issue is a follow-up to CVE-2024-39887 with additional disallowed PostgreSQL functions now included: query_to_xml_and_xmlschema, table_to_xml, table_to_xml_and_xmlschema.\n\nThis issue affects Apache Superset: <4.1.0.\n\nUsers are recommended to upgrade to version 4.1.0, which fixes the issue or add these Postgres functions to the config set DISALLOWED_SQL_FUNCTIONS.", }, ], metrics: [ { cvssV4_0: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "PRESENT", attackVector: "NETWORK", baseScore: 2.3, baseSeverity: "LOW", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "LOW", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "NONE", vulnerabilityResponseEffort: "NOT_DEFINED", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-09T13:35:09.910Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/hj3gfsjh67vqw12nlrshlsym4bkopjmn", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Superset: Improper SQL authorisation, parse not checking for specific postgres functions", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2024-53947", datePublished: "2024-12-09T13:35:09.910Z", dateReserved: "2024-11-25T10:23:29.712Z", dateUpdated: "2024-12-09T15:05:21.361Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-55633
Vulnerability from cvelistv5
Published
2024-12-12 14:36
Modified
2025-02-12 09:35
Severity ?
EPSS score ?
Summary
Improper Authorization vulnerability in Apache Superset. On Postgres analytic databases an attacker with SQLLab access can craft a specially designed SQL DML statement that is Incorrectly identified as a read-only query, enabling its execution. Non postgres analytics database connections and postgres analytics database connections set with a readonly user (advised) are not vulnerable.
This issue affects Apache Superset: before 4.1.0.
Users are recommended to upgrade to version 4.1.0, which fixes the issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/bwmd17fcvljt9q4cgctp4v09zh3qs7fb | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: 0 ≤ |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-55633", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-12T15:27:53.132335Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-12T15:28:06.454Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-12-12T18:03:30.295Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "http://www.openwall.com/lists/oss-security/2024/12/12/1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThan: "4.1.0", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "remediation developer", value: "Beto de Almeida", }, { lang: "en", type: "coordinator", value: "Daniel Gaspar", }, { lang: "en", type: "finder", value: "James Ford (Striveworks)", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Improper Authorization vulnerability in Apache Superset. On Postgres analytic databases an attacker with SQLLab access can craft a specially designed SQL DML statement<span style=\"background-color: rgb(255, 255, 255);\"> that is Incorrectly identified as a read-only query, enabling its execution. Non postgres analytics database connections and postgres analytics database connections set with a readonly user (advised) are not vulnerable. </span></p><p>This issue affects Apache Superset: before 4.1.0.</p><p>Users are recommended to upgrade to version 4.1.0, which fixes the issue.</p>", }, ], value: "Improper Authorization vulnerability in Apache Superset. On Postgres analytic databases an attacker with SQLLab access can craft a specially designed SQL DML statement that is Incorrectly identified as a read-only query, enabling its execution. Non postgres analytics database connections and postgres analytics database connections set with a readonly user (advised) are not vulnerable. \n\nThis issue affects Apache Superset: before 4.1.0.\n\nUsers are recommended to upgrade to version 4.1.0, which fixes the issue.", }, ], metrics: [ { cvssV4_0: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", baseScore: 7.1, baseSeverity: "HIGH", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "HIGH", vulnerabilityResponseEffort: "NOT_DEFINED", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-863", description: "CWE-863 Incorrect Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-12T09:35:43.626Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/bwmd17fcvljt9q4cgctp4v09zh3qs7fb", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2024-55633", datePublished: "2024-12-12T14:36:02.325Z", dateReserved: "2024-12-09T21:48:12.343Z", dateUpdated: "2025-02-12T09:35:43.626Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-24773
Vulnerability from cvelistv5
Published
2024-02-28 11:24
Modified
2025-02-13 17:40
Severity ?
EPSS score ?
Summary
Improper parsing of nested SQL statements on SQLLab would allow authenticated users to surpass their data authorization scope.
This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.
Users are recommended to upgrade to version 3.1.1, which fixes the issue.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: 0 ≤ Version: 3.1.0 ≤ |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-24773", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-15T20:46:05.449919Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:43:31.824Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T23:28:12.585Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/h66fy6nj41cfx07zh7l552w6dmtjh501", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/02/28/4", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThan: "3.0.4", status: "affected", version: "0", versionType: "semver", }, { lessThan: "3.1.1", status: "affected", version: "3.1.0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "remediation developer", value: "Beto Ferreira De Almeida", }, { lang: "en", type: "coordinator", value: "Daniel Vaz Gaspar", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Improper parsing of nested SQL statements on SQLLab would allow authenticated users to surpass their data authorization scope.<br><p>This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.</p><p>Users are recommended to upgrade to version 3.1.1, which fixes the issue.</p>", }, ], value: "Improper parsing of nested SQL statements on SQLLab would allow authenticated users to surpass their data authorization scope.\nThis issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.\n\nUsers are recommended to upgrade to version 3.1.1, which fixes the issue.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-863", description: "CWE-863 Incorrect Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-28T11:25:05.387Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/h66fy6nj41cfx07zh7l552w6dmtjh501", }, { url: "http://www.openwall.com/lists/oss-security/2024/02/28/4", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Superset: Improper validation of SQL statements allows for unauthorized access to data", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2024-24773", datePublished: "2024-02-28T11:24:58.179Z", dateReserved: "2024-01-30T10:12:21.733Z", dateUpdated: "2025-02-13T17:40:22.462Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23952
Vulnerability from cvelistv5
Published
2024-02-14 11:09
Modified
2025-02-13 17:40
Severity ?
EPSS score ?
Summary
This is a duplicate for CVE-2023-46104. With correct CVE version ranges for affected Apache Superset.
Uncontrolled resource consumption can be triggered by authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets.
This vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: 0 ≤ Version: 3.0.0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T23:13:08.543Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/zc58zvm4414molqn2m4d4vkrbrsxdksx", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/02/14/2", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/02/14/3", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2024-23952", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-14T19:21:25.948432Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-14T19:21:37.425Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.1.3", status: "affected", version: "0", versionType: "semver", }, { lessThan: "3.0.2", status: "affected", version: "3.0.0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Dor Konis – GE Vernova", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "This is a duplicate for CVE-2023-46104. With correct CVE version ranges for affected Apache Superset.<br> <br>Uncontrolled resource consumption can be triggered by authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets. <br><span style=\"background-color: rgb(255, 255, 255);\">This vulnerability exists </span>in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1.<br><br><br>", }, ], value: "This is a duplicate for CVE-2023-46104. With correct CVE version ranges for affected Apache Superset.\n \nUncontrolled resource consumption can be triggered by authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets. \nThis vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-14T11:10:05.626Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/zc58zvm4414molqn2m4d4vkrbrsxdksx", }, { url: "http://www.openwall.com/lists/oss-security/2024/02/14/2", }, { url: "http://www.openwall.com/lists/oss-security/2024/02/14/3", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Superset: Allows for uncontrolled resource consumption via a ZIP bomb (version range fix for CVE-2023-46104)", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2024-23952", datePublished: "2024-02-14T11:09:47.113Z", dateReserved: "2024-01-24T14:56:01.763Z", dateUpdated: "2025-02-13T17:40:06.510Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-49736
Vulnerability from cvelistv5
Published
2023-12-19 09:33
Modified
2025-02-13 17:18
Severity ?
EPSS score ?
Summary
A where_in JINJA macro allows users to specify a quote, which combined with a carefully crafted statement would allow for SQL injection in Apache Superset.This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2.
Users are recommended to upgrade to version 3.0.2, which fixes the issue.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: 0 ≤ Version: 3.0.0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T22:01:26.054Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/1kf481bgs3451qcz6hfhobs7xvhp8n1p", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/12/19/2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.1.2", status: "affected", version: "0", versionType: "semver", }, { lessThan: "3.0.2", status: "affected", version: "3.0.0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Jack Prince-Fulls ( jf@incyan.com )", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A where_in JINJA macro <span style=\"background-color: rgb(255, 255, 255);\">allows users to specify a quote, which combined with a carefully crafted statement would allow for SQL injection </span>in Apache Superset.<p>This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2.</p><p>Users are recommended to upgrade to version 3.0.2, which fixes the issue.</p>", }, ], value: "A where_in JINJA macro allows users to specify a quote, which combined with a carefully crafted statement would allow for SQL injection in Apache Superset.This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2.\n\nUsers are recommended to upgrade to version 3.0.2, which fixes the issue.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-19T09:35:07.189Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/1kf481bgs3451qcz6hfhobs7xvhp8n1p", }, { url: "http://www.openwall.com/lists/oss-security/2023/12/19/2", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Superset: SQL Injection on where_in JINJA macro", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-49736", datePublished: "2023-12-19T09:33:10.415Z", dateReserved: "2023-11-30T13:16:23.851Z", dateUpdated: "2025-02-13T17:18:54.638Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-39887
Vulnerability from cvelistv5
Published
2024-07-16 09:20
Modified
2025-02-13 17:53
Severity ?
EPSS score ?
Summary
An SQL Injection vulnerability in Apache Superset exists due to improper neutralization of special elements used in SQL commands. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. To mitigate this, a new configuration key named DISALLOWED_SQL_FUNCTIONS has been introduced. This key disallows the use of the following PostgreSQL functions: version, query_to_xml, inet_server_addr, and inet_client_addr. Additional functions can be added to this list for increased protection.
This issue affects Apache Superset: before 4.0.2.
Users are recommended to upgrade to version 4.0.2, which fixes the issue.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: 0 ≤ |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-39887", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-16T17:48:36.154927Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-16T17:48:52.676Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T04:33:10.887Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/j55vm41jg3l0x6w49zrmvbf3k0ts5fqz", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/07/16/5", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThan: "4.0.2", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Mike Yushkovskiy", }, { lang: "en", type: "remediation developer", value: "Daniel Vaz Gaspar", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>An SQL Injection vulnerability in Apache Superset exists due to improper neutralization of special elements used in SQL commands. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. To mitigate this, a new configuration key named <code>DISALLOWED_SQL_FUNCTIONS</code> has been introduced. This key disallows the use of the following PostgreSQL functions: <code>version</code>, <code>query_to_xml</code>, <code>inet_server_addr</code>, and <code>inet_client_addr</code>. Additional functions can be added to this list for increased protection.</p><p>This issue affects Apache Superset: before 4.0.2.</p><p>Users are recommended to upgrade to version 4.0.2, which fixes the issue.</p>", }, ], value: "An SQL Injection vulnerability in Apache Superset exists due to improper neutralization of special elements used in SQL commands. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. To mitigate this, a new configuration key named DISALLOWED_SQL_FUNCTIONS has been introduced. This key disallows the use of the following PostgreSQL functions: version, query_to_xml, inet_server_addr, and inet_client_addr. Additional functions can be added to this list for increased protection.\n\nThis issue affects Apache Superset: before 4.0.2.\n\nUsers are recommended to upgrade to version 4.0.2, which fixes the issue.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-16T09:25:06.860Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/j55vm41jg3l0x6w49zrmvbf3k0ts5fqz", }, { url: "http://www.openwall.com/lists/oss-security/2024/07/16/5", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Superset: Improper SQL authorisation, parse not checking for specific engine functions", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2024-39887", datePublished: "2024-07-16T09:20:10.688Z", dateReserved: "2024-07-02T13:26:07.346Z", dateUpdated: "2025-02-13T17:53:20.299Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-28125
Vulnerability from cvelistv5
Published
2021-04-27 09:27
Modified
2024-08-03 21:33
Severity ?
EPSS score ?
Summary
Apache Superset up to and including 1.0.1 allowed for the creation of an external URL that could be malicious. By not checking user input for open redirects the URL shortener functionality would allow for a malicious user to create a short URL for a dashboard that could convince the user to click the link.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread.html/r89b5d0dd35c1adc9624b48d6247729c73b2641b32754226661368434%40%3Cdev.superset.apache.org%3E | x_refsource_MISC | |
| https://lists.apache.org/thread.html/r89b5d0dd35c1adc9624b48d6247729c73b2641b32754226661368434%40%3Cdev.superset.apache.org%3E | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2021/04/27/2 | mailing-list, x_refsource_MLIST |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: Apache Superset < |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T21:33:17.571Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread.html/r89b5d0dd35c1adc9624b48d6247729c73b2641b32754226661368434%40%3Cdev.superset.apache.org%3E", }, { name: "[superset-dev] 20210427 CVE-2021-28125: Apache Superset Open Redirect", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r89b5d0dd35c1adc9624b48d6247729c73b2641b32754226661368434%40%3Cdev.superset.apache.org%3E", }, { name: "[oss-security] 20210427 CVE-2021-28125: Apache Superset Open Redirect", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/04/27/2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThanOrEqual: "1.0.1", status: "affected", version: "Apache Superset", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Found and reported by Gianluca Veltri, Dario Castrogiovanni", }, ], descriptions: [ { lang: "en", value: "Apache Superset up to and including 1.0.1 allowed for the creation of an external URL that could be malicious. By not checking user input for open redirects the URL shortener functionality would allow for a malicious user to create a short URL for a dashboard that could convince the user to click the link.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-601", description: "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-04-27T11:08:37", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread.html/r89b5d0dd35c1adc9624b48d6247729c73b2641b32754226661368434%40%3Cdev.superset.apache.org%3E", }, { name: "[superset-dev] 20210427 CVE-2021-28125: Apache Superset Open Redirect", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r89b5d0dd35c1adc9624b48d6247729c73b2641b32754226661368434%40%3Cdev.superset.apache.org%3E", }, { name: "[oss-security] 20210427 CVE-2021-28125: Apache Superset Open Redirect", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2021/04/27/2", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Superset Open Redirect ", workarounds: [ { lang: "en", value: "https://github.com/apache/superset/pull/13461", }, ], x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2021-28125", STATE: "PUBLIC", TITLE: "Apache Superset Open Redirect ", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Superset", version: { version_data: [ { version_affected: "<=", version_name: "Apache Superset", version_value: "1.0.1", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, credit: [ { lang: "eng", value: "Found and reported by Gianluca Veltri, Dario Castrogiovanni", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Apache Superset up to and including 1.0.1 allowed for the creation of an external URL that could be malicious. By not checking user input for open redirects the URL shortener functionality would allow for a malicious user to create a short URL for a dashboard that could convince the user to click the link.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread.html/r89b5d0dd35c1adc9624b48d6247729c73b2641b32754226661368434%40%3Cdev.superset.apache.org%3E", refsource: "MISC", url: "https://lists.apache.org/thread.html/r89b5d0dd35c1adc9624b48d6247729c73b2641b32754226661368434%40%3Cdev.superset.apache.org%3E", }, { name: "[superset-dev] 20210427 CVE-2021-28125: Apache Superset Open Redirect", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r89b5d0dd35c1adc9624b48d6247729c73b2641b32754226661368434@%3Cdev.superset.apache.org%3E", }, { name: "[oss-security] 20210427 CVE-2021-28125: Apache Superset Open Redirect", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2021/04/27/2", }, ], }, source: { discovery: "UNKNOWN", }, work_around: [ { lang: "en", value: "https://github.com/apache/superset/pull/13461", }, ], }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2021-28125", datePublished: "2021-04-27T09:27:22", dateReserved: "2021-03-10T00:00:00", dateUpdated: "2024-08-03T21:33:17.571Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-53948
Vulnerability from cvelistv5
Published
2024-12-09 13:35
Modified
2024-12-09 18:03
Severity ?
EPSS score ?
Summary
Generation of Error Message Containing analytics metadata Information in Apache Superset.
This issue affects Apache Superset: before 4.1.0.
Users are recommended to upgrade to version 4.1.0, which fixes the issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/8howpf3png0wrgpls46ggk441oczlfvf | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: 0 ≤ |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-53948", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-09T15:04:23.822072Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-09T15:04:41.155Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-12-09T18:03:42.140Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "http://www.openwall.com/lists/oss-security/2024/12/09/3", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThan: "4.1.0", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "Bartosz Galaszewski", }, { lang: "en", type: "remediation developer", value: "Daniel Gaspar", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Generation of Error Message Containing analytics metadata Information in Apache Superset.</p><p>This issue affects Apache Superset: before 4.1.0.</p><p>Users are recommended to upgrade to version 4.1.0, which fixes the issue.</p>", }, ], value: "Generation of Error Message Containing analytics metadata Information in Apache Superset.\n\nThis issue affects Apache Superset: before 4.1.0.\n\nUsers are recommended to upgrade to version 4.1.0, which fixes the issue.", }, ], metrics: [ { cvssV4_0: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", baseScore: 5.3, baseSeverity: "MEDIUM", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "LOW", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "NONE", vulnerabilityResponseEffort: "NOT_DEFINED", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-209", description: "CWE-209 Generation of Error Message Containing Sensitive Information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-09T13:35:30.932Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/8howpf3png0wrgpls46ggk441oczlfvf", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Superset: Error verbosity exposes metadata in analytics databases", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2024-53948", datePublished: "2024-12-09T13:35:30.932Z", dateReserved: "2024-11-25T11:11:41.375Z", dateUpdated: "2024-12-09T18:03:42.140Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-27479
Vulnerability from cvelistv5
Published
2022-04-13 19:05
Modified
2024-08-03 05:25
Severity ?
EPSS score ?
Summary
Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests. Users should update to 1.4.2 or higher which addresses this issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/94th50j5d0y2fw7ysx0g7w3t6jk3z7q6 | x_refsource_MISC | |
| https://lists.apache.org/thread/ztb9b6jd9rngoxwvq8r4fhpp401o613y | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2022/04/13/3 | mailing-list, x_refsource_MLIST |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: unspecified < 1.4.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T05:25:32.815Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread/94th50j5d0y2fw7ysx0g7w3t6jk3z7q6", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread/ztb9b6jd9rngoxwvq8r4fhpp401o613y", }, { name: "[oss-security] 20220413 CVE-2022-27479: Apache Superset: SQL injection vulnerability in chart data API", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/04/13/3", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThan: "1.4.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests. Users should update to 1.4.2 or higher which addresses this issue.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-04-13T20:06:17", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread/94th50j5d0y2fw7ysx0g7w3t6jk3z7q6", }, { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread/ztb9b6jd9rngoxwvq8r4fhpp401o613y", }, { name: "[oss-security] 20220413 CVE-2022-27479: Apache Superset: SQL injection vulnerability in chart data API", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2022/04/13/3", }, ], source: { defect: [ "SUPERSET-20", ], discovery: "UNKNOWN", }, title: "SQL injection vulnerability in chart data API", x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2022-27479", STATE: "PUBLIC", TITLE: "SQL injection vulnerability in chart data API", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Superset", version: { version_data: [ { version_affected: "<", version_value: "1.4.2", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests. Users should update to 1.4.2 or higher which addresses this issue.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: [ {}, ], problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread/94th50j5d0y2fw7ysx0g7w3t6jk3z7q6", refsource: "MISC", url: "https://lists.apache.org/thread/94th50j5d0y2fw7ysx0g7w3t6jk3z7q6", }, { name: "https://lists.apache.org/thread/ztb9b6jd9rngoxwvq8r4fhpp401o613y", refsource: "MISC", url: "https://lists.apache.org/thread/ztb9b6jd9rngoxwvq8r4fhpp401o613y", }, { name: "[oss-security] 20220413 CVE-2022-27479: Apache Superset: SQL injection vulnerability in chart data API", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2022/04/13/3", }, ], }, source: { defect: [ "SUPERSET-20", ], discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2022-27479", datePublished: "2022-04-13T19:05:11", dateReserved: "2022-03-21T00:00:00", dateUpdated: "2024-08-03T05:25:32.815Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-24779
Vulnerability from cvelistv5
Published
2024-02-28 11:28
Modified
2025-02-13 17:40
Severity ?
EPSS score ?
Summary
Apache Superset with custom roles that include `can write on dataset` and without all data access permissions, allows for users to create virtual datasets to data they don't have access to. These users could then use those virtual datasets to get access to unauthorized data.
This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.
Users are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: 0 ≤ Version: 3.1.0 ≤ |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-24779", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-02-28T20:17:04.065586Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:43:17.870Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T23:28:12.617Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/xzhz1m5bb9zxhyqgoy4q2d689b3zp4pq", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/02/28/6", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThan: "3.0.4", status: "affected", version: "0", versionType: "semver", }, { lessThan: "3.1.1", status: "affected", version: "3.1.0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "remediation developer", value: "Daniel Pedro Vaz Gaspar", }, { lang: "en", type: "finder", value: "@DLT1412", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Apache Superset with custom roles that include `can write on dataset` and without all data access permissions, allows for users to create virtual datasets to data they don't have access to. These users could then use those virtual datasets to get access to unauthorized data.<br><p>This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.</p><p>Users are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.</p>", }, ], value: "Apache Superset with custom roles that include `can write on dataset` and without all data access permissions, allows for users to create virtual datasets to data they don't have access to. These users could then use those virtual datasets to get access to unauthorized data.\nThis issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.\n\nUsers are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-863", description: "CWE-863 Incorrect Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-28T11:30:08.530Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/xzhz1m5bb9zxhyqgoy4q2d689b3zp4pq", }, { url: "http://www.openwall.com/lists/oss-security/2024/02/28/6", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Superset: Improper data authorization when creating a new dataset", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2024-24779", datePublished: "2024-02-28T11:28:02.395Z", dateReserved: "2024-01-30T10:37:47.396Z", dateUpdated: "2025-02-13T17:40:23.167Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-42504
Vulnerability from cvelistv5
Published
2023-11-28 17:59
Modified
2025-02-13 17:09
Severity ?
EPSS score ?
Summary
An authenticated malicious user could initiate multiple concurrent requests, each requesting multiple dashboard exports, leading to a possible denial of service.
This issue affects Apache Superset: before 3.0.0
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: 0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:23:39.311Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/yzq5gk1y9lyw6nxwd3xdkxg1djqw1h6l", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/11/28/6", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-42504", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-20T18:13:10.717840Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-20T18:13:20.574Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThan: "3.0.0", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Amit Laish – GE Vernova", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>An authenticated malicious user could initiate multiple concurrent requests, each requesting multiple dashboard exports, leading to a possible denial of service.</p><p>This issue affects Apache Superset: before 3.0.0</p>", }, ], value: "An authenticated malicious user could initiate multiple concurrent requests, each requesting multiple dashboard exports, leading to a possible denial of service.\n\nThis issue affects Apache Superset: before 3.0.0", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.8, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-770", description: "CWE-770 Allocation of Resources Without Limits or Throttling", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-28T18:00:08.936Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/yzq5gk1y9lyw6nxwd3xdkxg1djqw1h6l", }, { url: "http://www.openwall.com/lists/oss-security/2023/11/28/6", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Superset: Lack of rate limiting allows for possible denial of service", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-42504", datePublished: "2023-11-28T17:59:59.504Z", dateReserved: "2023-09-11T12:10:19.736Z", dateUpdated: "2025-02-13T17:09:25.157Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-43701
Vulnerability from cvelistv5
Published
2023-11-27 10:52
Modified
2024-08-02 19:44
Severity ?
EPSS score ?
Summary
Improper payload validation and an improper REST API response type, made it possible for an authenticated malicious actor to store malicious code into Chart's metadata, this code could get executed if a user specifically accesses a specific deprecated API endpoint. This issue affects Apache Superset versions prior to 2.1.2.
Users are recommended to upgrade to version 2.1.2, which fixes this issue.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: 0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:44:43.832Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/4dnr1knk50fw60jxkjgqj228f0xcc892", }, { tags: [ "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2023/11/27/4", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.1.2", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Amit Laish – GE Vernova", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Improper payload validation and an improper REST API response type, made it possible for an authenticated malicious actor to store malicious code into Chart's metadata, this code could get executed if a user specifically accesses a specific deprecated API endpoint. This issue affects Apache Superset versions prior to 2.1.2. <br>Users are recommended to upgrade to version 2.1.2, which fixes this issue.", }, ], value: "Improper payload validation and an improper REST API response type, made it possible for an authenticated malicious actor to store malicious code into Chart's metadata, this code could get executed if a user specifically accesses a specific deprecated API endpoint. This issue affects Apache Superset versions prior to 2.1.2. \nUsers are recommended to upgrade to version 2.1.2, which fixes this issue.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-27T14:46:15.673Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/4dnr1knk50fw60jxkjgqj228f0xcc892", }, { url: "https://www.openwall.com/lists/oss-security/2023/11/27/4", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Superset: Stored XSS on API endpoint", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-43701", datePublished: "2023-11-27T10:52:09.754Z", dateReserved: "2023-09-21T11:46:12.851Z", dateUpdated: "2024-08-02T19:44:43.832Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-46104
Vulnerability from cvelistv5
Published
2023-12-19 09:30
Modified
2025-02-13 17:14
Severity ?
EPSS score ?
Summary
Uncontrolled resource consumption can be triggered by authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets.
This vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: 0 ≤ Version: 3.0.0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T20:37:39.352Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/yxbxg4wryb7cb7wyybk11l5nqy0rsrvl", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/12/19/1", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/02/14/2", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/02/14/3", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-46104", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-02-27T15:37:09.688758Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-16T18:43:58.519Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.1.3", status: "affected", version: "0", versionType: "semver", }, { lessThan: "3.0.1", status: "affected", version: "3.0.0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Dor Konis – GE Vernova", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Uncontrolled resource consumption can be triggered by authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets. <br><span style=\"background-color: rgb(255, 255, 255);\">This vulnerability exists </span>in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1.<br>", }, ], value: "Uncontrolled resource consumption can be triggered by authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets. \nThis vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-14T13:05:57.341Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/yxbxg4wryb7cb7wyybk11l5nqy0rsrvl", }, { url: "http://www.openwall.com/lists/oss-security/2023/12/19/1", }, { url: "http://www.openwall.com/lists/oss-security/2024/02/14/2", }, { url: "http://www.openwall.com/lists/oss-security/2024/02/14/3", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Superset: Allows for uncontrolled resource consumption via a ZIP bomb", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-46104", datePublished: "2023-12-19T09:30:53.790Z", dateReserved: "2023-10-16T15:16:18.770Z", dateUpdated: "2025-02-13T17:14:16.088Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-41971
Vulnerability from cvelistv5
Published
2021-10-18 14:30
Modified
2024-08-04 03:22
Severity ?
EPSS score ?
Summary
Apache Superset up to and including 1.3.0 when configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default) allowed SQL injection when a malicious authenticated user sends an http request with a custom URL.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: Apache Superset < 1.3.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:22:25.815Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf7292731268c6c6e2196ae1583e32ac7189385364268f8d9215e8e6d%40%3Cdev.superset.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThan: "1.3.1", status: "affected", version: "Apache Superset", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Apache Superset would like to thank Kevin Kusnardi for reporting this issue", }, ], descriptions: [ { lang: "en", value: "Apache Superset up to and including 1.3.0 when configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default) allowed SQL injection when a malicious authenticated user sends an http request with a custom URL.", }, ], metrics: [ { other: { content: { other: "low", }, type: "unknown", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-10-18T14:30:13", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread.html/rf7292731268c6c6e2196ae1583e32ac7189385364268f8d9215e8e6d%40%3Cdev.superset.apache.org%3E", }, ], source: { discovery: "UNKNOWN", }, title: "Possible SQL Injection when template processing is enabled", workarounds: [ { lang: "en", value: "Don't enable ENABLE_TEMPLATE_PROCESSING (disabled by default).\nOr upgrade to Apache Superset 1.3.1 ", }, ], x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2021-41971", STATE: "PUBLIC", TITLE: "Possible SQL Injection when template processing is enabled", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Superset", version: { version_data: [ { version_affected: "<", version_name: "Apache Superset", version_value: "1.3.1", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, credit: [ { lang: "eng", value: "Apache Superset would like to thank Kevin Kusnardi for reporting this issue", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Apache Superset up to and including 1.3.0 when configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default) allowed SQL injection when a malicious authenticated user sends an http request with a custom URL.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: [ { other: "low", }, ], problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread.html/rf7292731268c6c6e2196ae1583e32ac7189385364268f8d9215e8e6d%40%3Cdev.superset.apache.org%3E", refsource: "MISC", url: "https://lists.apache.org/thread.html/rf7292731268c6c6e2196ae1583e32ac7189385364268f8d9215e8e6d%40%3Cdev.superset.apache.org%3E", }, ], }, source: { discovery: "UNKNOWN", }, work_around: [ { lang: "en", value: "Don't enable ENABLE_TEMPLATE_PROCESSING (disabled by default).\nOr upgrade to Apache Superset 1.3.1 ", }, ], }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2021-41971", datePublished: "2021-10-18T14:30:14", dateReserved: "2021-10-04T00:00:00", dateUpdated: "2024-08-04T03:22:25.815Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41703
Vulnerability from cvelistv5
Published
2023-01-16 10:14
Modified
2025-04-08 20:33
Severity ?
EPSS score ?
Summary
A vulnerability in the SQL Alchemy connector of Apache Superset allows an authenticated user with read access to a specific database to add subqueries to the WHERE and HAVING fields referencing tables on the same database that the user should not have access to, despite the user having the feature flag "ALLOW_ADHOC_SUBQUERY" disabled (default value). This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/g7jjw0okxjk5y57pbbxy19ydw42kqcos | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: 2.0.0 ≤ Version: 0 ≤ 1.5.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:49:43.809Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/g7jjw0okxjk5y57pbbxy19ydw42kqcos", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2022-41703", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-04-08T20:32:13.091581Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-08T20:33:49.417Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.0.1", status: "affected", version: "2.0.0", versionType: "semver", }, { lessThanOrEqual: "1.5.2", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Mingyu Son", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A vulnerability in the SQL Alchemy connector of Apache Superset allows an authenticated user with read access to a specific database to add subqueries to the WHERE and HAVING fields referencing tables on the same database that the user should not have access to, despite the user having the feature flag \"ALLOW_ADHOC_SUBQUERY\" disabled (default value). <span style=\"background-color: rgb(255, 255, 255);\">This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.\n</span><br><br>", }, ], value: "A vulnerability in the SQL Alchemy connector of Apache Superset allows an authenticated user with read access to a specific database to add subqueries to the WHERE and HAVING fields referencing tables on the same database that the user should not have access to, despite the user having the feature flag \"ALLOW_ADHOC_SUBQUERY\" disabled (default value). This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.\n\n\n", }, ], metrics: [ { other: { content: { text: "critical", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { description: "SQL injection in certain query object fields", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-11T14:58:51.125Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/g7jjw0okxjk5y57pbbxy19ydw42kqcos", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Superset: SQL injection vulnerability in adhoc clauses", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2022-41703", datePublished: "2023-01-16T10:14:01.332Z", dateReserved: "2022-09-28T15:13:03.943Z", dateUpdated: "2025-04-08T20:33:49.417Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-42250
Vulnerability from cvelistv5
Published
2021-11-17 15:10
Modified
2024-08-04 03:30
Severity ?
EPSS score ?
Summary
Improper output neutralization for Logs. A specific Apache Superset HTTP endpoint allowed for an authenticated user to forge log entries or inject malicious content into logs.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/53lkszw6d3tybp5t99nvgcj538b9trw9 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2021/11/17/2 | mailing-list, x_refsource_MLIST |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: Apache Superset < |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:30:37.952Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread/53lkszw6d3tybp5t99nvgcj538b9trw9", }, { name: "[oss-security] 20211117 CVE-2021-42250: Apache Superset: Possible log injection", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/11/17/2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThanOrEqual: "1.3.1", status: "affected", version: "Apache Superset", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Found and reported by Duxiaoman Financial Security Team", }, ], descriptions: [ { lang: "en", value: "Improper output neutralization for Logs. A specific Apache Superset HTTP endpoint allowed for an authenticated user to forge log entries or inject malicious content into logs.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-117", description: "CWE-117 Improper Output Neutralization for Logs", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-11-17T18:06:11", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread/53lkszw6d3tybp5t99nvgcj538b9trw9", }, { name: "[oss-security] 20211117 CVE-2021-42250: Apache Superset: Possible log injection", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2021/11/17/2", }, ], source: { discovery: "UNKNOWN", }, title: "Possible log injection", workarounds: [ { lang: "en", value: "Upgrade to Apache Superset 1.3.2 or higher", }, ], x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2021-42250", STATE: "PUBLIC", TITLE: "Possible log injection", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Superset", version: { version_data: [ { version_affected: "<=", version_name: "Apache Superset", version_value: "1.3.1", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, credit: [ { lang: "eng", value: "Found and reported by Duxiaoman Financial Security Team", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Improper output neutralization for Logs. A specific Apache Superset HTTP endpoint allowed for an authenticated user to forge log entries or inject malicious content into logs.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: [ {}, ], problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-117 Improper Output Neutralization for Logs", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread/53lkszw6d3tybp5t99nvgcj538b9trw9", refsource: "MISC", url: "https://lists.apache.org/thread/53lkszw6d3tybp5t99nvgcj538b9trw9", }, { name: "[oss-security] 20211117 CVE-2021-42250: Apache Superset: Possible log injection", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2021/11/17/2", }, ], }, source: { discovery: "UNKNOWN", }, work_around: [ { lang: "en", value: "Upgrade to Apache Superset 1.3.2 or higher", }, ], }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2021-42250", datePublished: "2021-11-17T15:10:10", dateReserved: "2021-10-11T00:00:00", dateUpdated: "2024-08-04T03:30:37.952Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-42502
Vulnerability from cvelistv5
Published
2023-11-28 16:25
Modified
2024-08-02 19:23
Severity ?
EPSS score ?
Summary
An authenticated attacker with update datasets permission could change a dataset link to an untrusted site by spoofing the HTTP Host header, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset versions before 3.0.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/n8348f194d8o8mln3oxd0s8jdl5bxbmn | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: 0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:23:39.566Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/n8348f194d8o8mln3oxd0s8jdl5bxbmn", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThan: "3.0.0", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Amit Laish – GE Vernova", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "An authenticated attacker with update datasets permission could change a dataset link to an untrusted site by spoofing the <span style=\"background-color: rgb(255, 255, 255);\">HTTP Host header</span>, users could be redirected to this site when clicking on that specific dataset. <span style=\"background-color: rgb(255, 255, 255);\">This issue affects Apache Superset versions before 3.0.0.</span><br>", }, ], value: "An authenticated attacker with update datasets permission could change a dataset link to an untrusted site by spoofing the HTTP Host header, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset versions before 3.0.0.\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-601", description: "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-30T08:14:26.949Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/n8348f194d8o8mln3oxd0s8jdl5bxbmn", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Superset: Open Redirect Vulnerability", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-42502", datePublished: "2023-11-28T16:25:43.177Z", dateReserved: "2023-09-11T11:20:01.211Z", dateUpdated: "2024-08-02T19:23:39.566Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-49657
Vulnerability from cvelistv5
Published
2024-01-23 15:06
Modified
2024-08-02 22:01
Severity ?
EPSS score ?
Summary
A stored cross-site scripting (XSS) vulnerability exists in Apache Superset before 3.0.3. An authenticated attacker with create/update permissions on charts or dashboards could store a script or add a specific HTML snippet that would act as a stored XSS.
For 2.X versions, users should change their config to include:
TALISMAN_CONFIG = {
"content_security_policy": {
"base-uri": ["'self'"],
"default-src": ["'self'"],
"img-src": ["'self'", "blob:", "data:"],
"worker-src": ["'self'", "blob:"],
"connect-src": [
"'self'",
" https://api.mapbox.com" https://api.mapbox.com" ;,
" https://events.mapbox.com" https://events.mapbox.com" ;,
],
"object-src": "'none'",
"style-src": [
"'self'",
"'unsafe-inline'",
],
"script-src": ["'self'", "'strict-dynamic'"],
},
"content_security_policy_nonce_in": ["script-src"],
"force_https": False,
"session_cookie_secure": False,
}
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/wjyvz8om9nwd396lh0bt156mtwjxpsvx | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: 0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T22:01:25.916Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/wjyvz8om9nwd396lh0bt156mtwjxpsvx", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThan: "3.0.3", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "Nick Barnes, Praetorian Security Inc.", }, { lang: "en", type: "reporter", value: "Amit Laish – GE Vernova", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">A stored cross-site scripting (XSS) vulnerability exists in Apache Superset before 3.0.3. </span>An authenticated attacker with create/update permissions on charts or dashboards could store a script or add a specific HTML snippet that would act as a stored XSS.<br><br>For 2.X versions, users should change their config to include:<br><br>TALISMAN_CONFIG = {<br> \"content_security_policy\": {<br> \"base-uri\": [\"'self'\"],<br> \"default-src\": [\"'self'\"],<br> \"img-src\": [\"'self'\", \"blob:\", \"data:\"],<br> \"worker-src\": [\"'self'\", \"blob:\"],<br> \"connect-src\": [<br> \"'self'\",<br> \"<a target=\"_blank\" rel=\"nofollow\" href=\"https://api.mapbox.com"\">https://api.mapbox.com\"</a>;,<br> \"<a target=\"_blank\" rel=\"nofollow\" href=\"https://events.mapbox.com"\">https://events.mapbox.com\"</a>;,<br> ],<br> \"object-src\": \"'none'\",<br> \"style-src\": [<br> \"'self'\",<br> \"'unsafe-inline'\",<br> ],<br> \"script-src\": [\"'self'\", \"'strict-dynamic'\"],<br> },<br> \"content_security_policy_nonce_in\": [\"script-src\"],<br> \"force_https\": False,<br> \"session_cookie_secure\": False,<br>}<br><br>", }, ], value: "A stored cross-site scripting (XSS) vulnerability exists in Apache Superset before 3.0.3. An authenticated attacker with create/update permissions on charts or dashboards could store a script or add a specific HTML snippet that would act as a stored XSS.\n\nFor 2.X versions, users should change their config to include:\n\nTALISMAN_CONFIG = {\n \"content_security_policy\": {\n \"base-uri\": [\"'self'\"],\n \"default-src\": [\"'self'\"],\n \"img-src\": [\"'self'\", \"blob:\", \"data:\"],\n \"worker-src\": [\"'self'\", \"blob:\"],\n \"connect-src\": [\n \"'self'\",\n \" https://api.mapbox.com\" https://api.mapbox.com\" ;,\n \" https://events.mapbox.com\" https://events.mapbox.com\" ;,\n ],\n \"object-src\": \"'none'\",\n \"style-src\": [\n \"'self'\",\n \"'unsafe-inline'\",\n ],\n \"script-src\": [\"'self'\", \"'strict-dynamic'\"],\n },\n \"content_security_policy_nonce_in\": [\"script-src\"],\n \"force_https\": False,\n \"session_cookie_secure\": False,\n}\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-29T08:35:38.250Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/wjyvz8om9nwd396lh0bt156mtwjxpsvx", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Superset: Stored XSS in Dashboard Title and Chart Title", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-49657", datePublished: "2024-01-23T15:06:59.901Z", dateReserved: "2023-11-28T21:39:07.846Z", dateUpdated: "2024-08-02T22:01:25.916Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-26016
Vulnerability from cvelistv5
Published
2024-02-28 11:28
Modified
2025-04-22 15:57
Severity ?
EPSS score ?
Summary
A low privilege authenticated user could import an existing dashboard or chart that they do not have access to and then modify its metadata, thereby gaining ownership of the object. However, it's important to note that access to the analytical data of these charts and dashboards would still be subject to validation based on data access privileges.
This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.Users are recommended to upgrade to version 3.1.1, which fixes the issue.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: 0 ≤ Version: 3.1.0 ≤ |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-26016", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-02-28T18:55:52.251519Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-04-22T15:57:40.166Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T23:59:31.100Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/76v1jjcylgk4p3m0258qr359ook3vl8s", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/02/28/7", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThan: "3.0.4", status: "affected", version: "0", versionType: "semver", }, { lessThan: "3.1.1", status: "affected", version: "3.1.0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "remediation developer", value: "Daniel Vaz Gaspar", }, { lang: "en", type: "finder", value: "Matt Freyre", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A low privilege authenticated user <span style=\"background-color: rgb(255, 255, 255);\">could import an existing dashboard or chart that they do not have access to and then modify its metadata, thereby gaining ownership of the object. However, it's important to note that access to the analytical data of these charts and dashboards would still be subject to validation based on data access privileges.</span><br><br><span style=\"background-color: var(--wht);\">This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.</span><p>Users are recommended to upgrade to version 3.1.1, which fixes the issue.</p>", }, ], value: "A low privilege authenticated user could import an existing dashboard or chart that they do not have access to and then modify its metadata, thereby gaining ownership of the object. However, it's important to note that access to the analytical data of these charts and dashboards would still be subject to validation based on data access privileges.\n\nThis issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.Users are recommended to upgrade to version 3.1.1, which fixes the issue.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-863", description: "CWE-863 Incorrect Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-28T11:30:09.832Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/76v1jjcylgk4p3m0258qr359ook3vl8s", }, { url: "http://www.openwall.com/lists/oss-security/2024/02/28/7", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Superset: Improper authorization validation on dashboards and charts import", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2024-26016", datePublished: "2024-02-28T11:28:38.319Z", dateReserved: "2024-02-14T11:18:04.978Z", dateUpdated: "2025-04-22T15:57:40.166Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-27907
Vulnerability from cvelistv5
Published
2021-03-05 11:35
Modified
2025-02-13 16:27
Severity ?
EPSS score ?
Summary
Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Abusing this functionality, a malicious user could inject javascript code executing unwanted action in the context of the user's browser. The javascript code will be automatically executed (Stored XSS) when a legitimate user surfs on the dashboard page. The vulnerability is exploitable creating a “div” section and embedding in it a “svg” element with javascript code.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: Apache Superset < |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T21:33:17.023Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread.html/r09293fb09f1d617f0d2180c42210e739e2211f8da9bc5c1873bea67a%40%3Cdev.superset.apache.org%3E", }, { name: "[superset-dev] 20210305 CVE-2021-27907: Apache Superset stored XSS on Dashboard markdown", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r09293fb09f1d617f0d2180c42210e739e2211f8da9bc5c1873bea67a%40%3Cdev.superset.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThanOrEqual: "0.38.0", status: "affected", version: "Apache Superset", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "This issue was reported by Gianluca Veltri and Dario Castrogiovanni of Cuebiq", }, ], descriptions: [ { lang: "en", value: "Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Abusing this functionality, a malicious user could inject javascript code executing unwanted action in the context of the user's browser. The javascript code will be automatically executed (Stored XSS) when a legitimate user surfs on the dashboard page. The vulnerability is exploitable creating a “div” section and embedding in it a “svg” element with javascript code.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Cross-site Scripting (XSS)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-03T21:34:45.000Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread.html/r09293fb09f1d617f0d2180c42210e739e2211f8da9bc5c1873bea67a%40%3Cdev.superset.apache.org%3E", }, { name: "[superset-dev] 20210305 CVE-2021-27907: Apache Superset stored XSS on Dashboard markdown", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r09293fb09f1d617f0d2180c42210e739e2211f8da9bc5c1873bea67a%40%3Cdev.superset.apache.org%3E", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Superset stored XSS on Dashboard markdown", x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2021-27907", STATE: "PUBLIC", TITLE: "Apache Superset stored XSS on Dashboard markdown", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Superset", version: { version_data: [ { version_affected: "<=", version_name: "Apache Superset", version_value: "0.38.0", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, credit: [ { lang: "eng", value: "This issue was reported by Gianluca Veltri and Dario Castrogiovanni of Cuebiq", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Abusing this functionality, a malicious user could inject javascript code executing unwanted action in the context of the user's browser. The javascript code will be automatically executed (Stored XSS) when a legitimate user surfs on the dashboard page. The vulnerability is exploitable creating a “div” section and embedding in it a “svg” element with javascript code.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-79 Cross-site Scripting (XSS)", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread.html/r09293fb09f1d617f0d2180c42210e739e2211f8da9bc5c1873bea67a%40%3Cdev.superset.apache.org%3E", refsource: "MISC", url: "https://lists.apache.org/thread.html/r09293fb09f1d617f0d2180c42210e739e2211f8da9bc5c1873bea67a%40%3Cdev.superset.apache.org%3E", }, { name: "[superset-dev] 20210305 CVE-2021-27907: Apache Superset stored XSS on Dashboard markdown", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r09293fb09f1d617f0d2180c42210e739e2211f8da9bc5c1873bea67a@%3Cdev.superset.apache.org%3E", }, ], }, source: { discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2021-27907", datePublished: "2021-03-05T11:35:15.000Z", dateReserved: "2021-03-02T00:00:00.000Z", dateUpdated: "2025-02-13T16:27:58.281Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-43719
Vulnerability from cvelistv5
Published
2023-01-16 10:10
Modified
2025-04-07 15:04
Severity ?
EPSS score ?
Summary
Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/xc309h2dphrkg33154djf3nqlh2xc1c0 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: 2.0.0 ≤ Version: 0 ≤ 1.5.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:40:06.300Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/xc309h2dphrkg33154djf3nqlh2xc1c0", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2022-43719", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-04-07T15:03:55.986776Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-04-07T15:04:38.899Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.0.1", status: "affected", version: "2.0.0", versionType: "semver", }, { lessThanOrEqual: "1.5.2", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Vladimir Razov (Positive Technologies)", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. <span style=\"background-color: rgb(255, 255, 255);\">This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.\n</span><br><br>", }, ], value: "Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.\n\n\n", }, ], metrics: [ { other: { content: { text: "moderate", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-02T10:16:08.496Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/xc309h2dphrkg33154djf3nqlh2xc1c0", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Superset: Cross Site Request Forgery (CSRF) on accept, request access API", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2022-43719", datePublished: "2023-01-16T10:10:27.487Z", dateReserved: "2022-10-24T10:12:53.061Z", dateUpdated: "2025-04-07T15:04:38.899Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-43718
Vulnerability from cvelistv5
Published
2023-01-16 10:10
Modified
2025-04-07 15:06
Severity ?
EPSS score ?
Summary
Upload data forms do not correctly render user input leading to possible XSS attack vectors that can be performed by authenticated users with database connection update permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/8615608jt2x7b3rmqrtngldy8pn3nz2r | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: 2.0.0 ≤ Version: 0 ≤ 1.5.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:40:06.455Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/8615608jt2x7b3rmqrtngldy8pn3nz2r", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2022-43718", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-04-07T15:05:57.498993Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-04-07T15:06:28.119Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.0.1", status: "affected", version: "2.0.0", versionType: "semver", }, { lessThanOrEqual: "1.5.2", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Vladimir Razov (Positive Technologies)", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Upload data forms do not correctly render user input leading to possible XSS attack vectors that can be performed by authenticated users with database connection update permissions. <span style=\"background-color: rgb(255, 255, 255);\">This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.</span><br>", }, ], value: "Upload data forms do not correctly render user input leading to possible XSS attack vectors that can be performed by authenticated users with database connection update permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.\n", }, ], metrics: [ { other: { content: { text: "low", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-02T10:15:09.446Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/8615608jt2x7b3rmqrtngldy8pn3nz2r", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Superset: Cross-Site Scripting vulnerability on upload forms", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2022-43718", datePublished: "2023-01-16T10:10:04.630Z", dateReserved: "2022-10-24T10:11:30.466Z", dateUpdated: "2025-04-07T15:06:28.119Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-1932
Vulnerability from cvelistv5
Published
2020-01-28 00:38
Modified
2024-08-04 06:54
Severity ?
EPSS score ?
Summary
An information disclosure issue was found in Apache Superset 0.34.0, 0.34.1, 0.35.0, and 0.35.1. Authenticated Apache Superset users are able to retrieve other users' information, including hashed passwords, by accessing an unused and undocumented API endpoint on Apache Superset.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: 0.34.0 Version: 0.34.1 Version: 0.35.0 Version: 0.35.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:54:00.326Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread.html/r4e5323c3bc786005495311a6ff53ac6d990b2c7eb52941a1a13ce227%40%3Cdev.superset.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { status: "affected", version: "0.34.0", }, { status: "affected", version: "0.34.1", }, { status: "affected", version: "0.35.0", }, { status: "affected", version: "0.35.1", }, ], }, ], descriptions: [ { lang: "en", value: "An information disclosure issue was found in Apache Superset 0.34.0, 0.34.1, 0.35.0, and 0.35.1. Authenticated Apache Superset users are able to retrieve other users' information, including hashed passwords, by accessing an unused and undocumented API endpoint on Apache Superset.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-01-28T00:38:15", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread.html/r4e5323c3bc786005495311a6ff53ac6d990b2c7eb52941a1a13ce227%40%3Cdev.superset.apache.org%3E", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2020-1932", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Superset", version: { version_data: [ { version_value: "0.34.0", }, { version_value: "0.34.1", }, { version_value: "0.35.0", }, { version_value: "0.35.1", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An information disclosure issue was found in Apache Superset 0.34.0, 0.34.1, 0.35.0, and 0.35.1. Authenticated Apache Superset users are able to retrieve other users' information, including hashed passwords, by accessing an unused and undocumented API endpoint on Apache Superset.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Information Disclosure", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread.html/r4e5323c3bc786005495311a6ff53ac6d990b2c7eb52941a1a13ce227%40%3Cdev.superset.apache.org%3E", refsource: "MISC", url: "https://lists.apache.org/thread.html/r4e5323c3bc786005495311a6ff53ac6d990b2c7eb52941a1a13ce227%40%3Cdev.superset.apache.org%3E", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2020-1932", datePublished: "2020-01-28T00:38:15", dateReserved: "2019-12-02T00:00:00", dateUpdated: "2024-08-04T06:54:00.326Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-39264
Vulnerability from cvelistv5
Published
2023-09-06 12:58
Modified
2024-09-26 15:23
Severity ?
EPSS score ?
Summary
By default, stack traces for errors were enabled, which resulted in the exposure of internal traces on REST API endpoints to users. This vulnerability exists in Apache Superset versions up to and including 2.1.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/y65t1of7hb445n86o1vdzjct7rfwlx75 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: 0 ≤ 2.1.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:02:06.790Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/y65t1of7hb445n86o1vdzjct7rfwlx75", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-39264", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T14:48:40.133061Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T15:23:54.656Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThanOrEqual: "2.1.0", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Miguel Segovia Gil", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "By default, stack traces for errors were enabled, which resulted in the exposure of internal traces on REST API endpoints to users. <span style=\"background-color: rgb(255, 255, 255);\">This vulnerability exists </span>in Apache Superset versions up to and including 2.1.0.", }, ], value: "By default, stack traces for errors were enabled, which resulted in the exposure of internal traces on REST API endpoints to users. This vulnerability exists in Apache Superset versions up to and including 2.1.0.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-209", description: "CWE-209 Generation of Error Message Containing Sensitive Information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-06T12:58:59.791Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/y65t1of7hb445n86o1vdzjct7rfwlx75", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Superset: Stack traces enabled by default", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-39264", datePublished: "2023-09-06T12:58:59.791Z", dateReserved: "2023-07-26T15:04:49.327Z", dateUpdated: "2024-09-26T15:23:54.656Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-39265
Vulnerability from cvelistv5
Published
2023-09-06 13:00
Modified
2025-02-13 17:02
Severity ?
EPSS score ?
Summary
Apache Superset would allow for SQLite database connections to be incorrectly registered when an attacker uses alternative driver names like sqlite+pysqlite or by using database imports. This could allow for unexpected file creation on Superset webservers. Additionally, if Apache Superset is using a SQLite database for its metadata (not advised for production use) it could result in more severe vulnerabilities related to confidentiality and integrity. This vulnerability exists in Apache Superset versions up to and including 2.1.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: 0 ≤ 2.1.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:02:06.680Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/pwdzsdmv4g5g1n2h9m7ortfnxmhr7nfy", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/175094/Apache-Superset-2.0.0-Remote-Code-Execution.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-39265", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-27T18:48:12.616873Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-27T18:48:35.245Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThanOrEqual: "2.1.0", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Naveen Sunkavally (Horizon3.ai)", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Apache Superset would allow for SQLite database connections to be incorrectly registered when an attacker uses alternative driver names like sqlite+pysqlite or by using database imports. This could allow for unexpected file creation on Superset webservers. Additionally, if Apache Superset is using a SQLite database for its metadata (not advised for production use) it could result in more severe vulnerabilities related to confidentiality and integrity. <span style=\"background-color: rgb(255, 255, 255);\">This vulnerability exists </span>in Apache Superset versions up to and including 2.1.0.", }, ], value: "Apache Superset would allow for SQLite database connections to be incorrectly registered when an attacker uses alternative driver names like sqlite+pysqlite or by using database imports. This could allow for unexpected file creation on Superset webservers. Additionally, if Apache Superset is using a SQLite database for its metadata (not advised for production use) it could result in more severe vulnerabilities related to confidentiality and integrity. This vulnerability exists in Apache Superset versions up to and including 2.1.0.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.8, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-13T15:06:34.309Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/pwdzsdmv4g5g1n2h9m7ortfnxmhr7nfy", }, { url: "http://packetstormsecurity.com/files/175094/Apache-Superset-2.0.0-Remote-Code-Execution.html", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Superset: Possible Unauthorized Registration of SQLite Database Connections", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-39265", datePublished: "2023-09-06T13:00:11.612Z", dateReserved: "2023-07-26T15:30:14.900Z", dateUpdated: "2025-02-13T17:02:41.251Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-27525
Vulnerability from cvelistv5
Published
2023-04-17 16:28
Modified
2024-10-15 16:04
Severity ?
EPSS score ?
Summary
An authenticated user with Gamma role authorization could have access to metadata information using non trivial methods in Apache Superset up to and including 2.0.1
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/wpv7b17zjg2pmvpfkdd6nn8sco8y2q77 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: 0 ≤ 2.0.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T12:16:35.563Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/wpv7b17zjg2pmvpfkdd6nn8sco8y2q77", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-27525", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-15T16:03:40.666074Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-15T16:04:34.641Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThanOrEqual: "2.0.1", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "NTT DATA", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "An authenticated user with Gamma role authorization could have access to metadata information using non trivial methods in Apache Superset up to and including 2.0.1<br><br>", }, ], value: "An authenticated user with Gamma role authorization could have access to metadata information using non trivial methods in Apache Superset up to and including 2.0.1\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-863", description: "CWE-863 Incorrect Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-17T16:28:00.286Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/wpv7b17zjg2pmvpfkdd6nn8sco8y2q77", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Superset: Incorrect default permissions for Gamma role", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-27525", datePublished: "2023-04-17T16:28:00.286Z", dateReserved: "2023-03-02T14:07:32.656Z", dateUpdated: "2024-10-15T16:04:34.641Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36388
Vulnerability from cvelistv5
Published
2023-09-06 12:53
Modified
2024-09-26 15:29
Severity ?
EPSS score ?
Summary
Improper REST API permission in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma users to test network connections, possible SSRF.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/ccmjjz4jp17yc2kcd18qshmdtf7qorfs | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: 0 ≤ 2.1.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:45:56.372Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/ccmjjz4jp17yc2kcd18qshmdtf7qorfs", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-36388", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T14:50:04.216811Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T15:29:00.723Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThanOrEqual: "2.1.0", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "https://github.com/vin01", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Improper REST API permission in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma users to test network connections, possible SSRF.<br><br>", }, ], value: "Improper REST API permission in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma users to test network connections, possible SSRF.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-918", description: "CWE-918 Server-Side Request Forgery (SSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-06T12:53:57.035Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/ccmjjz4jp17yc2kcd18qshmdtf7qorfs", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Superset: Improper API permission for low privilege users allows for SSRF", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-36388", datePublished: "2023-09-06T12:53:57.035Z", dateReserved: "2023-06-21T14:31:40.491Z", dateUpdated: "2024-09-26T15:29:00.723Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-27315
Vulnerability from cvelistv5
Published
2024-02-28 10:06
Modified
2024-10-03 12:30
Severity ?
EPSS score ?
Summary
An authenticated user with privileges to create Alerts on Alerts & Reports has the capability to generate a specially crafted SQL statement that triggers an error on the database. This error is not properly handled by Apache Superset and may inadvertently surface in the error log of the Alert exposing possibly sensitive data.
This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.
Users are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/qcwbx7q2s3ynsd405895bx3wcwq32j7z | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: 0 ≤ Version: 3.1.0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T00:28:00.428Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/qcwbx7q2s3ynsd405895bx3wcwq32j7z", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/02/28/3", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2024-27315", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-27T16:03:10.640750Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-27T16:03:22.362Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThan: "3.0.4", status: "affected", version: "0", versionType: "semver", }, { lessThan: "3.1.1", status: "affected", version: "3.1.0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Anastasios Stasinopoulos - OBRELA LABS", }, { lang: "en", type: "remediation developer", value: "Beto de Almeida", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>An authenticated user with privileges to create Alerts on Alerts & Reports has the capability to generate a specially crafted SQL statement that triggers an error on the database. This error is not properly handled by Apache Superset and may inadvertently surface in the error log of the Alert exposing possibly sensitive data.<br></p><p>This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.</p><p>Users are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.</p>", }, ], value: "An authenticated user with privileges to create Alerts on Alerts & Reports has the capability to generate a specially crafted SQL statement that triggers an error on the database. This error is not properly handled by Apache Superset and may inadvertently surface in the error log of the Alert exposing possibly sensitive data.\n\n\nThis issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.\n\nUsers are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-209", description: "CWE-209 Information Exposure Through an Error Message", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-03T12:30:59.889Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/qcwbx7q2s3ynsd405895bx3wcwq32j7z", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Superset: Improper error handling on alerts", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2024-27315", datePublished: "2024-02-28T10:06:48.685Z", dateReserved: "2024-02-23T09:15:21.202Z", dateUpdated: "2024-10-03T12:30:59.889Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-43721
Vulnerability from cvelistv5
Published
2023-01-16 10:10
Modified
2025-04-07 15:01
Severity ?
EPSS score ?
Summary
An authenticated attacker with update datasets permission could change a dataset link to an untrusted site, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/s6sqt5jmcv6qxtvdot1t5tpt57v439kg | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: 2.0.0 ≤ Version: 0 ≤ 1.5.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:40:06.461Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/s6sqt5jmcv6qxtvdot1t5tpt57v439kg", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2022-43721", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-04-07T15:00:49.497412Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-04-07T15:01:48.626Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.0.1", status: "affected", version: "2.0.0", versionType: "semver", }, { lessThanOrEqual: "1.5.2", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Vladimir Razov (Positive Technologies)", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "An authenticated attacker with update datasets permission could change a dataset link to an untrusted site, users could be redirected to this site when clicking on that specific dataset. <span style=\"background-color: rgb(255, 255, 255);\">This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.</span><br>", }, ], value: "An authenticated attacker with update datasets permission could change a dataset link to an untrusted site, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.\n", }, ], metrics: [ { other: { content: { text: "moderate", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-601", description: "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-02T10:16:48.359Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/s6sqt5jmcv6qxtvdot1t5tpt57v439kg", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Superset: Open Redirect Vulnerability", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2022-43721", datePublished: "2023-01-16T10:10:52.583Z", dateReserved: "2022-10-24T10:28:43.875Z", dateUpdated: "2025-04-07T15:01:48.626Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-37941
Vulnerability from cvelistv5
Published
2023-09-06 13:06
Modified
2025-02-13 17:01
Severity ?
EPSS score ?
Summary
If an attacker gains write access to the Apache Superset metadata database, they could persist a specifically crafted Python object that may lead to remote code execution on Superset's web backend.
The Superset metadata db is an 'internal' component that is typically
only accessible directly by the system administrator and the superset
process itself. Gaining access to that database should
be difficult and require significant privileges.
This vulnerability impacts Apache Superset versions 1.5.0 up to and including 2.1.0. Users are recommended to upgrade to version 2.1.1 or later.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: 1.5.0 ≤ 2.1.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:23:27.796Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/6qk1zscc06yogxxfgz2bh2bvz6vh9g7h", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/175094/Apache-Superset-2.0.0-Remote-Code-Execution.html", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "superset", vendor: "apache", versions: [ { lessThanOrEqual: "2.1.0", status: "affected", version: "1.5.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-37941", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-27T18:55:32.093667Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-27T18:56:40.047Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThanOrEqual: "2.1.0", status: "affected", version: "1.5.0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Dinis Cruz, cruzdinis@ua.pt", }, { lang: "en", type: "finder", value: "Naveen Sunkavally (Horizon3.ai)", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<div>If an attacker gains write access to the Apache Superset metadata database, they could persist a specifically crafted Python object that may lead to remote code execution on Superset's web backend.</div><div><br></div><div>The Superset metadata db is an 'internal' component that is typically \nonly accessible directly by the system administrator and the superset \nprocess itself. Gaining access to that database should\n be difficult and require significant privileges.<br></div><div><br></div><div>This vulnerability impacts Apache Superset versions 1.5.0 up to and including 2.1.0. Users are recommended to upgrade to version 2.1.1 or later.<br></div>", }, ], value: "If an attacker gains write access to the Apache Superset metadata database, they could persist a specifically crafted Python object that may lead to remote code execution on Superset's web backend.\n\nThe Superset metadata db is an 'internal' component that is typically \nonly accessible directly by the system administrator and the superset \nprocess itself. Gaining access to that database should\n be difficult and require significant privileges.\n\nThis vulnerability impacts Apache Superset versions 1.5.0 up to and including 2.1.0. Users are recommended to upgrade to version 2.1.1 or later.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502 Deserialization of Untrusted Data", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-13T15:06:32.657Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/6qk1zscc06yogxxfgz2bh2bvz6vh9g7h", }, { url: "http://packetstormsecurity.com/files/175094/Apache-Superset-2.0.0-Remote-Code-Execution.html", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Superset: Metadata db write access can lead to remote code execution", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-37941", datePublished: "2023-09-06T13:06:20.879Z", dateReserved: "2023-07-11T09:41:42.046Z", dateUpdated: "2025-02-13T17:01:41.199Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-27524
Vulnerability from cvelistv5
Published
2023-04-24 15:28
Modified
2025-02-03 16:40
Severity ?
EPSS score ?
Summary
Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config.
All superset installations should always set a unique secure random SECRET_KEY. Your SECRET_KEY is used to securely sign all session cookies and encrypting sensitive information on the database.
Add a strong SECRET_KEY to your `superset_config.py` file like:
SECRET_KEY = <YOUR_OWN_RANDOM_GENERATED_SECRET_KEY>
Alternatively you can set it with `SUPERSET_SECRET_KEY` environment variable.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: 0 ≤ 2.0.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T12:16:35.472Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/n0ftx60sllf527j7g11kmt24wvof8xyk", }, { tags: [ "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2023/04/24/2", }, { tags: [ "x_transferred", ], url: "https://packetstormsecurity.com/files/172522/Apache-Superset-2.0.0-Authentication-Bypass.html", }, { tags: [ "x_transferred", ], url: "https://packetstormsecurity.com/files/175094/Apache-Superset-2.0.0-Remote-Code-Execution.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-27524", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-03T16:30:35.297888Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2024-01-08", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-27524", }, type: "kev", }, }, ], providerMetadata: { dateUpdated: "2025-02-03T16:40:05.497Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThanOrEqual: "2.0.1", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Naveen Sunkavally (Horizon3.ai)", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config.<br><br>All superset installations should always set a unique secure random SECRET_KEY. Your SECRET_KEY is used to securely sign all session cookies and encrypting sensitive information on the database.<br>Add a strong SECRET_KEY to your `superset_config.py` file like:<br><br>SECRET_KEY = <YOUR_OWN_RANDOM_GENERATED_SECRET_KEY><br><br>Alternatively you can set it with `SUPERSET_SECRET_KEY` environment variable.<br>", }, ], value: "Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config.\n\nAll superset installations should always set a unique secure random SECRET_KEY. Your SECRET_KEY is used to securely sign all session cookies and encrypting sensitive information on the database.\nAdd a strong SECRET_KEY to your `superset_config.py` file like:\n\nSECRET_KEY = <YOUR_OWN_RANDOM_GENERATED_SECRET_KEY>\n\nAlternatively you can set it with `SUPERSET_SECRET_KEY` environment variable.\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.9, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1188", description: "CWE-1188 Insecure Default Initialization of Resource", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-08T09:07:31.645Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/n0ftx60sllf527j7g11kmt24wvof8xyk", }, { url: "https://www.openwall.com/lists/oss-security/2023/04/24/2", }, { url: "https://packetstormsecurity.com/files/172522/Apache-Superset-2.0.0-Authentication-Bypass.html", }, { url: "https://packetstormsecurity.com/files/175094/Apache-Superset-2.0.0-Remote-Code-Execution.html", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Superset: Session validation vulnerability when using provided default SECRET_KEY", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-27524", datePublished: "2023-04-24T15:28:16.573Z", dateReserved: "2023-03-02T13:28:19.726Z", dateUpdated: "2025-02-03T16:40:05.497Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-37839
Vulnerability from cvelistv5
Published
2022-07-06 12:35
Modified
2024-08-04 01:30
Severity ?
EPSS score ?
Summary
Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on. This metadata included the dataset name, columns and metrics.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/pwqyxxmn5gh7cnw3qsp66v0lt4xojt82 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: Apache Superset < 1.5.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T01:30:08.212Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread/pwqyxxmn5gh7cnw3qsp66v0lt4xojt82", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThan: "1.5.1", status: "affected", version: "Apache Superset", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Apache Superset would like to thank Dinesh for reporting this issue", }, ], descriptions: [ { lang: "en", value: "Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on. This metadata included the dataset name, columns and metrics.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-273", description: "CWE-273 Improper Check for Dropped Privileges", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-06T14:06:28", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread/pwqyxxmn5gh7cnw3qsp66v0lt4xojt82", }, ], source: { discovery: "UNKNOWN", }, title: "Improper access to dataset metadata information ", workarounds: [ { lang: "en", value: "Upgrade to 1.5.1 or higher", }, ], x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2021-37839", STATE: "PUBLIC", TITLE: "Improper access to dataset metadata information ", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Superset", version: { version_data: [ { version_affected: "<", version_name: "Apache Superset", version_value: "1.5.1", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, credit: [ { lang: "eng", value: "Apache Superset would like to thank Dinesh for reporting this issue", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on. This metadata included the dataset name, columns and metrics.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: [ {}, ], problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-273 Improper Check for Dropped Privileges", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread/pwqyxxmn5gh7cnw3qsp66v0lt4xojt82", refsource: "MISC", url: "https://lists.apache.org/thread/pwqyxxmn5gh7cnw3qsp66v0lt4xojt82", }, ], }, source: { discovery: "UNKNOWN", }, work_around: [ { lang: "en", value: "Upgrade to 1.5.1 or higher", }, ], }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2021-37839", datePublished: "2022-07-06T12:35:10", dateReserved: "2021-08-02T00:00:00", dateUpdated: "2024-08-04T01:30:08.212Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-45438
Vulnerability from cvelistv5
Published
2023-01-16 10:12
Modified
2025-04-07 14:59
Severity ?
EPSS score ?
Summary
When explicitly enabling the feature flag DASHBOARD_CACHE (disabled by default), the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/snxbkf2x9kww7s0wkmydct9nhqqn9rv9 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: 2.0.0 ≤ Version: 0 ≤ 1.5.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:09:57.033Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/snxbkf2x9kww7s0wkmydct9nhqqn9rv9", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2022-45438", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-04-07T14:59:07.727991Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-04-07T14:59:56.105Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.0.1", status: "affected", version: "2.0.0", versionType: "semver", }, { lessThanOrEqual: "1.5.2", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Sunny Alexli", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "When explicitly enabling the feature flag DASHBOARD_CACHE (disabled by default), the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint. <span style=\"background-color: rgb(255, 255, 255);\">This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.</span><br>", }, ], value: "When explicitly enabling the feature flag DASHBOARD_CACHE (disabled by default), the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.\n", }, ], metrics: [ { other: { content: { text: "low", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-668", description: "CWE-668 Exposure of Resource to Wrong Sphere", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-25T08:28:13.528Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/snxbkf2x9kww7s0wkmydct9nhqqn9rv9", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Superset: Dashboard metadata information leak", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2022-45438", datePublished: "2023-01-16T10:12:02.872Z", dateReserved: "2022-11-15T10:36:44.454Z", dateUpdated: "2025-04-07T14:59:56.105Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-42501
Vulnerability from cvelistv5
Published
2023-11-27 10:23
Modified
2025-02-13 17:09
Severity ?
EPSS score ?
Summary
Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations.
This issue affects Apache Superset: before 2.1.2.
Users should upgrade to version or above 2.1.2 and run `superset init` to reconstruct the Gamma role or remove `can_read` permission from the mentioned resources.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: 0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:23:39.502Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/vk1rmrh9kz0chjmc9tk7o3md6zpz4ygh", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/11/27/3", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:apache_software_foundation:apache_superset:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "apache_superset", vendor: "apache_software_foundation", versions: [ { lessThan: "2.12", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-42501", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-29T19:01:45.929047Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-29T19:05:51.288Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.1.2", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Miguel Segovia Gil", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations.<br>This issue affects Apache Superset: before 2.1.2.<br>Users should upgrade to version or above 2.1.2 and run `superset init` to reconstruct the Gamma role or remove `can_read` permission from the mentioned resources.<br><br>", }, ], value: "Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations.\nThis issue affects Apache Superset: before 2.1.2.\nUsers should upgrade to version or above 2.1.2 and run `superset init` to reconstruct the Gamma role or remove `can_read` permission from the mentioned resources.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-276", description: "CWE-276 Incorrect Default Permissions", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-27T10:25:07.167Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/vk1rmrh9kz0chjmc9tk7o3md6zpz4ygh", }, { url: "http://www.openwall.com/lists/oss-security/2023/11/27/3", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Superset: Unnecessary read permissions within the Gamma role", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-42501", datePublished: "2023-11-27T10:23:47.721Z", dateReserved: "2023-09-11T09:03:06.448Z", dateUpdated: "2025-02-13T17:09:24.041Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-42505
Vulnerability from cvelistv5
Published
2023-11-28 16:26
Modified
2025-02-13 17:09
Severity ?
EPSS score ?
Summary
An authenticated user with read permissions on database connections metadata could potentially access sensitive information such as the connection's username.
This issue affects Apache Superset before 3.0.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: 0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:23:38.893Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/bd0fhtfzrtgo1q8x35tpm8ms144d1t2y", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/11/28/5", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThan: "3.0.0", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Leonel John Erik Angel Torres", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>An authenticated user with read permissions on database connections metadata could potentially access sensitive information such as the connection's username.<br><br></p><p>This issue affects Apache Superset before 3.0.0.<br></p>", }, ], value: "An authenticated user with read permissions on database connections metadata could potentially access sensitive information such as the connection's username.\n\nThis issue affects Apache Superset before 3.0.0.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-28T16:30:08.946Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/bd0fhtfzrtgo1q8x35tpm8ms144d1t2y", }, { url: "http://www.openwall.com/lists/oss-security/2023/11/28/5", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Superset: Sensitive information disclosure on db connection details", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-42505", datePublished: "2023-11-28T16:26:58.326Z", dateReserved: "2023-09-11T12:34:12.410Z", dateUpdated: "2025-02-13T17:09:25.693Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-53949
Vulnerability from cvelistv5
Published
2024-12-09 13:35
Modified
2025-02-12 09:34
Severity ?
EPSS score ?
Summary
Improper Authorization vulnerability in Apache Superset when FAB_ADD_SECURITY_API is enabled (disabled by default). Allows for lower privilege users to use this API.
issue affects Apache Superset: from 2.0.0 before 4.1.0.
Users are recommended to upgrade to version 4.1.0, which fixes the issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/d3scbwmfpzbpm6npnzdw5y4owtqqyq8d | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: 2.0.0 ≤ |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "superset", vendor: "apache", versions: [ { lessThan: "4.1.0", status: "affected", version: "2.0.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-53949", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-09T15:01:51.427048Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-09T15:02:59.676Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-12-09T18:03:43.157Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "http://www.openwall.com/lists/oss-security/2024/12/09/4", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThan: "4.1.0", status: "affected", version: "2.0.0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "Jonathan Zimmerman", }, { lang: "en", type: "remediation developer", value: "Hugh Miles", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Improper Authorization vulnerability in Apache Superset when <span style=\"background-color: rgb(255, 255, 255);\">FAB_ADD_SECURITY_API is enabled (disabled by default). Allows for lower privilege users to use this API.</span></p><p> issue affects Apache Superset: from 2.0.0 before 4.1.0.</p><p>Users are recommended to upgrade to version 4.1.0, which fixes the issue.</p>", }, ], value: "Improper Authorization vulnerability in Apache Superset when FAB_ADD_SECURITY_API is enabled (disabled by default). Allows for lower privilege users to use this API.\n\n issue affects Apache Superset: from 2.0.0 before 4.1.0.\n\nUsers are recommended to upgrade to version 4.1.0, which fixes the issue.", }, ], metrics: [ { cvssV4_0: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "PRESENT", attackVector: "NETWORK", baseScore: 7.6, baseSeverity: "HIGH", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "HIGH", vulnIntegrityImpact: "HIGH", vulnerabilityResponseEffort: "NOT_DEFINED", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-863", description: "CWE-863 Incorrect Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-12T09:34:57.804Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/d3scbwmfpzbpm6npnzdw5y4owtqqyq8d", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2024-53949", datePublished: "2024-12-09T13:35:41.530Z", dateReserved: "2024-11-25T11:35:43.585Z", dateUpdated: "2025-02-12T09:34:57.804Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-27526
Vulnerability from cvelistv5
Published
2023-09-06 12:44
Modified
2024-09-26 15:29
Severity ?
EPSS score ?
Summary
A non Admin authenticated user could incorrectly create resources using the import charts feature, on Apache Superset up to and including 2.1.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/ndww89yl2jd98lvn23n9cj722lfdg8dv | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: 0 ≤ 2.1.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T12:16:35.577Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/ndww89yl2jd98lvn23n9cj722lfdg8dv", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-27526", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T14:50:41.437124Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T15:29:27.835Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThanOrEqual: "2.1.0", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "NTT DATA", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A non Admin authenticated user could incorrectly create resources using the import charts feature, on Apache Superset up to and including 2.1.0. <br>", }, ], value: "A non Admin authenticated user could incorrectly create resources using the import charts feature, on Apache Superset up to and including 2.1.0. \n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-863", description: "CWE-863 Incorrect Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-06T12:44:45.161Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/ndww89yl2jd98lvn23n9cj722lfdg8dv", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Superset: Improper Authorization check on import charts", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-27526", datePublished: "2023-09-06T12:44:45.161Z", dateReserved: "2023-03-02T14:15:34.897Z", dateUpdated: "2024-09-26T15:29:27.835Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-41972
Vulnerability from cvelistv5
Published
2021-11-12 18:55
Modified
2024-08-04 03:22
Severity ?
EPSS score ?
Summary
Apache Superset up to and including 1.3.1 allowed for database connections password leak for authenticated users. This information could be accessed in a non-trivial way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/xpdl2r538o695o7r9gd9qrwqb17bdd3v | x_refsource_MISC | |
| https://seclists.org/oss-sec/2021/q4/106 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: Apache Superset < |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:22:25.770Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread/xpdl2r538o695o7r9gd9qrwqb17bdd3v", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://seclists.org/oss-sec/2021/q4/106", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThanOrEqual: "1.3.1", status: "affected", version: "Apache Superset", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Apache Superset team would like to thank Ke Zhu for reporting this issue", }, ], descriptions: [ { lang: "en", value: "Apache Superset up to and including 1.3.1 allowed for database connections password leak for authenticated users. This information could be accessed in a non-trivial way.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-522", description: "CWE-522 Insufficiently Protected Credentials", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-11-12T18:55:13", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread/xpdl2r538o695o7r9gd9qrwqb17bdd3v", }, { tags: [ "x_refsource_MISC", ], url: "https://seclists.org/oss-sec/2021/q4/106", }, ], source: { discovery: "UNKNOWN", }, title: "Credentials leak", workarounds: [ { lang: "en", value: "Upgrade to Apache Superset 1.3.2 or higher", }, ], x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2021-41972", STATE: "PUBLIC", TITLE: "Credentials leak", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Superset", version: { version_data: [ { version_affected: "<=", version_name: "Apache Superset", version_value: "1.3.1", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, credit: [ { lang: "eng", value: "Apache Superset team would like to thank Ke Zhu for reporting this issue", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Apache Superset up to and including 1.3.1 allowed for database connections password leak for authenticated users. This information could be accessed in a non-trivial way.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: [ {}, ], problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-522 Insufficiently Protected Credentials", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread/xpdl2r538o695o7r9gd9qrwqb17bdd3v", refsource: "MISC", url: "https://lists.apache.org/thread/xpdl2r538o695o7r9gd9qrwqb17bdd3v", }, { name: "https://seclists.org/oss-sec/2021/q4/106", refsource: "MISC", url: "https://seclists.org/oss-sec/2021/q4/106", }, ], }, source: { discovery: "UNKNOWN", }, work_around: [ { lang: "en", value: "Upgrade to Apache Superset 1.3.2 or higher", }, ], }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2021-41972", datePublished: "2021-11-12T18:55:13", dateReserved: "2021-10-04T00:00:00", dateUpdated: "2024-08-04T03:22:25.770Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-25504
Vulnerability from cvelistv5
Published
2023-04-17 16:29
Modified
2025-02-13 16:44
Severity ?
EPSS score ?
Summary
A malicious actor who has been authenticated and granted specific permissions in Apache Superset may use the import dataset feature in order to conduct Server-Side Request Forgery
attacks and query internal resources on behalf of the server where Superset
is deployed. This vulnerability exists in Apache Superset versions up to and including 2.0.1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: 0 ≤ 2.0.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T11:25:18.492Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/tdnzkocfsqg2sbbornnp9g492fn4zhtx", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/04/18/8", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-25504", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-21T15:07:39.289753Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-21T15:07:48.714Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThanOrEqual: "2.0.1", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Alexey Sabadash, VK", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">A malicious actor who has been authenticated and granted specific permissions in Apache Superset may use the import dataset feature in order to conduct Server-Side Request Forgery\nattacks and query internal resources on behalf of the server where Superset\nis deployed. This vulnerability exists </span>in Apache Superset versions up to and including 2.0.1.<br>", }, ], value: "A malicious actor who has been authenticated and granted specific permissions in Apache Superset may use the import dataset feature in order to conduct Server-Side Request Forgery\nattacks and query internal resources on behalf of the server where Superset\nis deployed. This vulnerability exists in Apache Superset versions up to and including 2.0.1.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-918", description: "CWE-918 Server-Side Request Forgery (SSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-18T02:06:15.647Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/tdnzkocfsqg2sbbornnp9g492fn4zhtx", }, { url: "http://www.openwall.com/lists/oss-security/2023/04/18/8", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Superset: Possible SSRF on import datasets", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-25504", datePublished: "2023-04-17T16:29:43.729Z", dateReserved: "2023-02-06T21:18:11.420Z", dateUpdated: "2025-02-13T16:44:30.258Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-43720
Vulnerability from cvelistv5
Published
2023-01-16 10:10
Modified
2025-04-07 15:03
Severity ?
EPSS score ?
Summary
An authenticated attacker with write CSS template permissions can create a record with specific HTML tags that will not get properly escaped by the toast message displayed when a user deletes that specific CSS template record. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/jts6x56kghr9mbowb653bk70pl81jp8l | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: 2.0.0 ≤ Version: 0 ≤ 1.5.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:40:06.549Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/jts6x56kghr9mbowb653bk70pl81jp8l", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2022-43720", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-04-07T15:02:39.884193Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-04-07T15:03:05.455Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.0.1", status: "affected", version: "2.0.0", versionType: "semver", }, { lessThanOrEqual: "1.5.2", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Anton Vaychikauskas (Positive Technologies)", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "An authenticated attacker with write CSS template permissions can create a record with specific HTML tags that will not get properly escaped by the toast message displayed when a user deletes that specific CSS template record. <span style=\"background-color: rgb(255, 255, 255);\">This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.</span><br>", }, ], value: "An authenticated attacker with write CSS template permissions can create a record with specific HTML tags that will not get properly escaped by the toast message displayed when a user deletes that specific CSS template record. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.\n", }, ], metrics: [ { other: { content: { text: "low", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-74", description: "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-02T10:16:30.809Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/jts6x56kghr9mbowb653bk70pl81jp8l", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Superset: Improper rendering of user input", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2022-43720", datePublished: "2023-01-16T10:10:41.565Z", dateReserved: "2022-10-24T10:13:23.347Z", dateUpdated: "2025-04-07T15:03:05.455Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-24772
Vulnerability from cvelistv5
Published
2024-02-28 11:26
Modified
2025-02-12 09:27
Severity ?
EPSS score ?
Summary
A guest user could exploit a chart data REST API and send arbitrary SQL statements that on error could leak information from the underlying analytics database.This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.
Users are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/gfl3ckwy6y9tpz9jmpv62orh2q346sn5 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: 0 ≤ Version: 3.1.0 ≤ |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-24772", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-26T17:55:04.679269Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-26T17:55:25.646Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T23:28:11.938Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/gfl3ckwy6y9tpz9jmpv62orh2q346sn5", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/02/28/5", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThan: "3.0.4", status: "affected", version: "0", versionType: "semver", }, { lessThan: "3.1.1", status: "affected", version: "3.1.0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "remediation developer", value: "Beto Ferreira De Almeida", }, { lang: "en", type: "finder", value: "Linden Haynes", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A guest user could exploit a chart data REST API and send arbitrary SQL statements that on error could leak information from the underlying analytics database.<p><span style=\"background-color: var(--wht);\">This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.</span><br></p><p>Users are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.</p>", }, ], value: "A guest user could exploit a chart data REST API and send arbitrary SQL statements that on error could leak information from the underlying analytics database.This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.\n\n\nUsers are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-12T09:27:34.758Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/gfl3ckwy6y9tpz9jmpv62orh2q346sn5", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Superset: Improper Neutralisation of custom SQL on embedded context", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2024-24772", datePublished: "2024-02-28T11:26:45.745Z", dateReserved: "2024-01-30T09:30:45.573Z", dateUpdated: "2025-02-12T09:27:34.758Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-49734
Vulnerability from cvelistv5
Published
2023-12-19 09:52
Modified
2025-02-13 17:18
Severity ?
EPSS score ?
Summary
An authenticated Gamma user has the ability to create a dashboard and add charts to it, this user would automatically become one of the owners of the charts allowing him to incorrectly have write permissions to these charts.This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2.
Users are recommended to upgrade to version 3.0.2 or 2.1.3, which fixes the issue.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: 0 ≤ Version: 3.0.0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T22:01:26.049Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/985h6ltvtbvdoysso780kkj7x744cds5", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/12/19/3", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.1.2", status: "affected", version: "0", versionType: "semver", }, { lessThan: "3.0.2", status: "affected", version: "3.0.0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Jordan Velich", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "An authenticated Gamma user has the ability to create a dashboard and add charts to it, this user would automatically become one of the owners of the charts allowing him to incorrectly have write permissions to these charts.<p>This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2.</p><p>Users are recommended to upgrade to version 3.0.2 or 2.1.3, which fixes the issue.</p>", }, ], value: "An authenticated Gamma user has the ability to create a dashboard and add charts to it, this user would automatically become one of the owners of the charts allowing him to incorrectly have write permissions to these charts.This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2.\n\nUsers are recommended to upgrade to version 3.0.2 or 2.1.3, which fixes the issue.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.7, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-863", description: "CWE-863 Incorrect Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-19T09:55:04.861Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/985h6ltvtbvdoysso780kkj7x744cds5", }, { url: "http://www.openwall.com/lists/oss-security/2023/12/19/3", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Superset: Privilege Escalation Vulnerability", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-49734", datePublished: "2023-12-19T09:52:13.373Z", dateReserved: "2023-11-30T12:29:59.894Z", dateUpdated: "2025-02-13T17:18:54.094Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32672
Vulnerability from cvelistv5
Published
2023-09-06 13:16
Modified
2024-09-26 15:52
Severity ?
EPSS score ?
Summary
An Incorrect authorisation check in SQLLab in Apache Superset versions up to and including 2.1.0. This vulnerability allows an authenticated user to query tables that they do not have proper access to within Superset. The vulnerability can be exploited by leveraging a SQL parsing vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/ococ6nlj80f0okkwfwpjczy3q84j3wkp | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: 0 ≤ 2.1.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:25:36.704Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/ococ6nlj80f0okkwfwpjczy3q84j3wkp", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-32672", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T15:46:32.863305Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T15:52:02.025Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThanOrEqual: "2.1.0", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Arnaud Pascal @ Vaadata", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "An Incorrect authorisation check in SQLLab in Apache Superset versions up to and including 2.1.0. This vulnerability allows an authenticated user to query tables that they do not have proper access to within Superset. The vulnerability can be exploited by leveraging a SQL parsing vulnerability.<br><br>", }, ], value: "An Incorrect authorisation check in SQLLab in Apache Superset versions up to and including 2.1.0. This vulnerability allows an authenticated user to query tables that they do not have proper access to within Superset. The vulnerability can be exploited by leveraging a SQL parsing vulnerability.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-863", description: "CWE-863 Incorrect Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-06T13:16:02.396Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/ococ6nlj80f0okkwfwpjczy3q84j3wkp", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Superset: SQL parser edge case bypasses data access authorization", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-32672", datePublished: "2023-09-06T13:16:02.396Z", dateReserved: "2023-05-11T14:26:39.767Z", dateUpdated: "2024-09-26T15:52:02.025Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-40610
Vulnerability from cvelistv5
Published
2023-11-27 10:22
Modified
2025-02-13 17:08
Severity ?
EPSS score ?
Summary
Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Superset's metadata database, an attacker using a specially crafted CTE SQL statement could change data on the metadata database. This weakness could result on tampering with the authentication/authorization data.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: 0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:38:51.121Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/jvgxpk4dbxyqtsgtl4pdgbd520rc0rot", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/11/27/2", }, { tags: [ "x_transferred", ], url: "https://github.com/orangecertcc/security-research/security/advisories/GHSA-f678-j579-4xf5", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.1.2", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "LEXFO for Orange Innovation and Orange CERT-CC at Orange group", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Superset's metadata database, an attacker using a specially crafted CTE SQL statement could change data on the metadata database. This weakness could result on tampering with the authentication/authorization data.<br><br>", }, ], value: "Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Superset's metadata database, an attacker using a specially crafted CTE SQL statement could change data on the metadata database. This weakness could result on tampering with the authentication/authorization data.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-863", description: "CWE-863 Incorrect Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-10T16:49:59.636Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/jvgxpk4dbxyqtsgtl4pdgbd520rc0rot", }, { url: "http://www.openwall.com/lists/oss-security/2023/11/27/2", }, { url: "https://github.com/orangecertcc/security-research/security/advisories/GHSA-f678-j579-4xf5", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Superset: Privilege escalation with default examples database", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-40610", datePublished: "2023-11-27T10:22:41.083Z", dateReserved: "2023-08-17T12:56:13.976Z", dateUpdated: "2025-02-13T17:08:36.601Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-44451
Vulnerability from cvelistv5
Published
2022-02-01 13:16
Modified
2024-08-04 04:25
Severity ?
EPSS score ?
Summary
Apache Superset up to and including 1.3.2 allowed for registered database connections password leak for authenticated users. This information could be accessed in a non-trivial way. Users should upgrade to Apache Superset 1.4.0 or higher.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/xww1pccs2ckb5506wrf1v4lmxg198vkb | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Version: Apache Superset < |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:25:16.474Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread/xww1pccs2ckb5506wrf1v4lmxg198vkb", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Superset", vendor: "Apache Software Foundation", versions: [ { lessThanOrEqual: "1.3.2", status: "affected", version: "Apache Superset", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Found and reported by Cesar Santos", }, ], descriptions: [ { lang: "en", value: "Apache Superset up to and including 1.3.2 allowed for registered database connections password leak for authenticated users. This information could be accessed in a non-trivial way. Users should upgrade to Apache Superset 1.4.0 or higher.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-522", description: "CWE-522 Insufficiently Protected Credentials", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-02-01T13:16:32", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread/xww1pccs2ckb5506wrf1v4lmxg198vkb", }, ], source: { discovery: "UNKNOWN", }, title: "API sensitive information leak", x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2021-44451", STATE: "PUBLIC", TITLE: "API sensitive information leak", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Superset", version: { version_data: [ { version_affected: "<=", version_name: "Apache Superset", version_value: "1.3.2", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, credit: [ { lang: "eng", value: "Found and reported by Cesar Santos", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Apache Superset up to and including 1.3.2 allowed for registered database connections password leak for authenticated users. This information could be accessed in a non-trivial way. Users should upgrade to Apache Superset 1.4.0 or higher.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: [ {}, ], problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-522 Insufficiently Protected Credentials", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread/xww1pccs2ckb5506wrf1v4lmxg198vkb", refsource: "MISC", url: "https://lists.apache.org/thread/xww1pccs2ckb5506wrf1v4lmxg198vkb", }, ], }, source: { discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2021-44451", datePublished: "2022-02-01T13:16:32", dateReserved: "2021-11-30T00:00:00", dateUpdated: "2024-08-04T04:25:16.474Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }