cnvd - cnvd-2024-06820

cnvd-2024-06820

Vulnerability from cnvd

Title: Apache Superset安全绕过漏洞（CNVD-2024-06820）

Description:

Apache Superset是一个基于Python的开源数据可视化工具。

Apache Superset存在安全绕过漏洞，攻击者可利用该漏洞测试数据库连接。

Severity: 中

Patch Name: Apache Superset安全绕过漏洞（CNVD-2024-06820）的补丁

Patch Description:

Apache Superset是一个基于Python的开源数据可视化工具。

Apache Superset存在安全绕过漏洞，攻击者可利用该漏洞测试数据库连接。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://lists.apache.org/thread/tt6s6hm8nv6s11z8bfsk3r3d9ov0ogw3

Reference: https://lists.apache.org/thread/tt6s6hm8nv6s11z8bfsk3r3d9ov0ogw3

Impacted products

Name
Apache Superset <=2.1.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-36387",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-36387"
    }
  },
  "description": "Apache Superset\u662f\u4e00\u4e2a\u57fa\u4e8ePython\u7684\u5f00\u6e90\u6570\u636e\u53ef\u89c6\u5316\u5de5\u5177\u3002\n\nApache Superset\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6d4b\u8bd5\u6570\u636e\u5e93\u8fde\u63a5\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://lists.apache.org/thread/tt6s6hm8nv6s11z8bfsk3r3d9ov0ogw3",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-06820",
  "openTime": "2024-02-01",
  "patchDescription": "Apache Superset\u662f\u4e00\u4e2a\u57fa\u4e8ePython\u7684\u5f00\u6e90\u6570\u636e\u53ef\u89c6\u5316\u5de5\u5177\u3002\r\n\r\nApache Superset\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6d4b\u8bd5\u6570\u636e\u5e93\u8fde\u63a5\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache Superset\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff08CNVD-2024-06820\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Apache Superset \u003c=2.1.0"
  },
  "referenceLink": "https://lists.apache.org/thread/tt6s6hm8nv6s11z8bfsk3r3d9ov0ogw3",
  "serverity": "\u4e2d",
  "submitTime": "2023-09-11",
  "title": "Apache Superset\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff08CNVD-2024-06820\uff09"
}

CVE-2023-36387 (GCVE-0-2023-36387)

Vulnerability from cvelistv5

Published

2023-09-06 12:19

Modified

2024-09-26 18:10

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

CWE

CWE-863 - Incorrect Authorization

Summary

An improper default REST API permission for Gamma users in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test database connections.

References

▼	URL	Tags
	https://lists.apache.org/thread/tt6s6hm8nv6s11z8bfsk3r3d9ov0ogw3	vendor-advisory
	https://github.com/apache/superset/pull/24185	patch

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache Superset	Version: 0 ≤ 2.1.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:45:56.364Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/tt6s6hm8nv6s11z8bfsk3r3d9ov0ogw3"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/apache/superset/pull/24185"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-36387",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-26T18:00:10.551029Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-26T18:10:35.983Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache Superset",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "2.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Miguel Segovia Gil"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An improper default REST API permission for Gamma users in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test database connections.\u003cbr\u003e"
            }
          ],
          "value": "An improper default REST API permission for Gamma users in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test database connections.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863 Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-17T07:53:19.055Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/tt6s6hm8nv6s11z8bfsk3r3d9ov0ogw3"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/apache/superset/pull/24185"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache Superset: Improper API permission for low privilege users",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2023-36387",
    "datePublished": "2023-09-06T12:19:39.908Z",
    "dateReserved": "2023-06-21T14:06:35.892Z",
    "dateUpdated": "2024-09-26T18:10:35.983Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted