cvelistv5 - cve-2023-49736

CVE-2023-49736 (GCVE-0-2023-49736)

Vulnerability from cvelistv5

Published

2023-12-19 09:33

Modified

2025-02-13 17:18

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CWE

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Summary

A where_in JINJA macro allows users to specify a quote, which combined with a carefully crafted statement would allow for SQL injection in Apache Superset.This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2, which fixes the issue.

References

URL

	Vendor	Product	Version
	Apache Software Foundation	Apache Superset	Version: 0 ≤ Version: 3.0.0 ≤

wid-sec-w-2023-3184

Vulnerability from csaf_certbund

Published

2023-12-19 23:00

Modified

2024-02-14 23:00

Summary

Apache Superset: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Apache Superset ist eine Open-Source-Plattform zur Datenexploration und -visualisierung.

Angriff

Ein Angreifer kann mehrere Schwachstellen in Apache Superset ausnutzen, um einen Denial of Service zu verursachen, Sicherheitseinstellungen zu umgehen und einen SQL-Injection Angriff durchzuführen.

Betroffene Betriebssysteme

- UNIX - Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Apache Superset ist eine Open-Source-Plattform zur Datenexploration und -visualisierung.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Apache Superset ausnutzen, um einen Denial of Service zu verursachen, Sicherheitseinstellungen zu umgehen und einen SQL-Injection Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-3184 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-3184.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-3184 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3184"
      },
      {
        "category": "external",
        "summary": "OSS Security Mailing List vom 2023-12-19",
        "url": "https://seclists.org/oss-sec/2023/q4/293"
      },
      {
        "category": "external",
        "summary": "OSS Security Mailing List vom 2023-12-19",
        "url": "https://seclists.org/oss-sec/2023/q4/295"
      },
      {
        "category": "external",
        "summary": "OSS Security Mailing List vom 2023-12-19",
        "url": "https://seclists.org/oss-sec/2023/q4/294"
      }
    ],
    "source_lang": "en-US",
    "title": "Apache Superset: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-02-14T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:03:00.055+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-3184",
      "initial_release_date": "2023-12-19T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-12-19T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-02-14T23:00:00.000+00:00",
          "number": "2",
          "summary": "CVE erg\u00e4nzt"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 3.0.2",
                "product": {
                  "name": "Apache Superset \u003c 3.0.2",
                  "product_id": "1532228"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c 2.1.3",
                "product": {
                  "name": "Apache Superset \u003c 2.1.3",
                  "product_id": "T031759"
                }
              }
            ],
            "category": "product_name",
            "name": "Superset"
          }
        ],
        "category": "vendor",
        "name": "Apache"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-23952",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Apache Superset. Beim Hochladen einer b\u00f6sartige ZIP-Datei zum Import von Datenbanken, Dashboards oder Datens\u00e4tzen kann es zu unkontrolliertem Ressourcenverbrauch kommen. Ein authentisierter Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service zu verursachen."
        }
      ],
      "release_date": "2023-12-19T23:00:00.000+00:00",
      "title": "CVE-2024-23952"
    },
    {
      "cve": "CVE-2023-46104",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Apache Superset. Beim Hochladen einer b\u00f6sartige ZIP-Datei zum Import von Datenbanken, Dashboards oder Datens\u00e4tzen kann es zu unkontrolliertem Ressourcenverbrauch kommen. Ein authentisierter Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service zu verursachen."
        }
      ],
      "release_date": "2023-12-19T23:00:00.000+00:00",
      "title": "CVE-2023-46104"
    },
    {
      "cve": "CVE-2023-49734",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Apache Superset. Ein authentifizierter Gamma-Benutzer, der ein Dashboard erstellt und diesem Diagramme hinzuzuf\u00fcgt, wird automatisch zu einem der Eigent\u00fcmer der Diagramme, so dass er f\u00e4lschlicherweise \u00fcber Schreibrechte f\u00fcr diese Diagramme verf\u00fcgt. Ein authentisierter Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitseinstellungen zu umgehen."
        }
      ],
      "release_date": "2023-12-19T23:00:00.000+00:00",
      "title": "CVE-2023-49734"
    },
    {
      "cve": "CVE-2023-49736",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Apache Superset. Ein \"where_in\" JINJA-Makro erm\u00f6glicht es Benutzern, ein Quote anzugeben, das in Kombination mit einer sorgf\u00e4ltig ausgearbeiteten Anweisung eine SQL Injection erm\u00f6glicht. Ein Angreifer kann diese Schwachstelle ausnutzen, um einen SQL-Injection Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2023-12-19T23:00:00.000+00:00",
      "title": "CVE-2023-49736"
    }
  ]
}

WID-SEC-W-2023-3184

Vulnerability from csaf_certbund

Published

2023-12-19 23:00

Modified

2024-02-14 23:00

Summary

Apache Superset: Mehrere Schwachstellen

Notes

Produktbeschreibung

Apache Superset ist eine Open-Source-Plattform zur Datenexploration und -visualisierung.

Angriff

Ein Angreifer kann mehrere Schwachstellen in Apache Superset ausnutzen, um einen Denial of Service zu verursachen, Sicherheitseinstellungen zu umgehen und einen SQL-Injection Angriff durchzuführen.

Betroffene Betriebssysteme

- UNIX - Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Apache Superset ist eine Open-Source-Plattform zur Datenexploration und -visualisierung.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Apache Superset ausnutzen, um einen Denial of Service zu verursachen, Sicherheitseinstellungen zu umgehen und einen SQL-Injection Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-3184 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-3184.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-3184 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3184"
      },
      {
        "category": "external",
        "summary": "OSS Security Mailing List vom 2023-12-19",
        "url": "https://seclists.org/oss-sec/2023/q4/293"
      },
      {
        "category": "external",
        "summary": "OSS Security Mailing List vom 2023-12-19",
        "url": "https://seclists.org/oss-sec/2023/q4/295"
      },
      {
        "category": "external",
        "summary": "OSS Security Mailing List vom 2023-12-19",
        "url": "https://seclists.org/oss-sec/2023/q4/294"
      }
    ],
    "source_lang": "en-US",
    "title": "Apache Superset: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-02-14T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:03:00.055+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-3184",
      "initial_release_date": "2023-12-19T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-12-19T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-02-14T23:00:00.000+00:00",
          "number": "2",
          "summary": "CVE erg\u00e4nzt"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 3.0.2",
                "product": {
                  "name": "Apache Superset \u003c 3.0.2",
                  "product_id": "1532228"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c 2.1.3",
                "product": {
                  "name": "Apache Superset \u003c 2.1.3",
                  "product_id": "T031759"
                }
              }
            ],
            "category": "product_name",
            "name": "Superset"
          }
        ],
        "category": "vendor",
        "name": "Apache"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-23952",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Apache Superset. Beim Hochladen einer b\u00f6sartige ZIP-Datei zum Import von Datenbanken, Dashboards oder Datens\u00e4tzen kann es zu unkontrolliertem Ressourcenverbrauch kommen. Ein authentisierter Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service zu verursachen."
        }
      ],
      "release_date": "2023-12-19T23:00:00.000+00:00",
      "title": "CVE-2024-23952"
    },
    {
      "cve": "CVE-2023-46104",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Apache Superset. Beim Hochladen einer b\u00f6sartige ZIP-Datei zum Import von Datenbanken, Dashboards oder Datens\u00e4tzen kann es zu unkontrolliertem Ressourcenverbrauch kommen. Ein authentisierter Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service zu verursachen."
        }
      ],
      "release_date": "2023-12-19T23:00:00.000+00:00",
      "title": "CVE-2023-46104"
    },
    {
      "cve": "CVE-2023-49734",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Apache Superset. Ein authentifizierter Gamma-Benutzer, der ein Dashboard erstellt und diesem Diagramme hinzuzuf\u00fcgt, wird automatisch zu einem der Eigent\u00fcmer der Diagramme, so dass er f\u00e4lschlicherweise \u00fcber Schreibrechte f\u00fcr diese Diagramme verf\u00fcgt. Ein authentisierter Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitseinstellungen zu umgehen."
        }
      ],
      "release_date": "2023-12-19T23:00:00.000+00:00",
      "title": "CVE-2023-49734"
    },
    {
      "cve": "CVE-2023-49736",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Apache Superset. Ein \"where_in\" JINJA-Makro erm\u00f6glicht es Benutzern, ein Quote anzugeben, das in Kombination mit einer sorgf\u00e4ltig ausgearbeiteten Anweisung eine SQL Injection erm\u00f6glicht. Ein Angreifer kann diese Schwachstelle ausnutzen, um einen SQL-Injection Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2023-12-19T23:00:00.000+00:00",
      "title": "CVE-2023-49736"
    }
  ]
}

cnvd-2024-01021

Vulnerability from cnvd

Title

Apache Superset SQL注入漏洞（CNVD-2024-0102192）

Description

Apache Superset是美国阿帕奇（Apache）基金会的一个数据可视化和数据探索平台。 Apache Superset存在SQL注入漏洞，经过身份验证的远程攻击者可利用该漏洞向where_in JINJA宏发送特制的SQL语句。

Severity

中

Patch Name

Apache Superset SQL注入漏洞（CNVD-2024-0102192）的补丁

Patch Description

Apache Superset是美国阿帕奇（Apache）基金会的一个数据可视化和数据探索平台。 Apache Superset存在SQL注入漏洞，经过身份验证的远程攻击者可利用该漏洞向where_in JINJA宏发送特制的SQL语句。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://lists.apache.org/thread/1kf481bgs3451qcz6hfhobs7xvhp8n1p

Reference

https://cxsecurity.com/cveshow/CVE-2023-49736/

Impacted products

Name
['Apache Superset <2.1.2', 'Apache Superset >=3.0.0，<3.0.2']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-49736",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-49736"
    }
  },
  "description": "Apache Superset\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u4e2a\u6570\u636e\u53ef\u89c6\u5316\u548c\u6570\u636e\u63a2\u7d22\u5e73\u53f0\u3002\n\nApache Superset\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\uff0c\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5411where_in JINJA\u5b8f\u53d1\u9001\u7279\u5236\u7684SQL\u8bed\u53e5\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://lists.apache.org/thread/1kf481bgs3451qcz6hfhobs7xvhp8n1p",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-01021",
  "openTime": "2024-01-08",
  "patchDescription": "Apache Superset\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u4e2a\u6570\u636e\u53ef\u89c6\u5316\u548c\u6570\u636e\u63a2\u7d22\u5e73\u53f0\u3002\r\n\r\nApache Superset\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\uff0c\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5411where_in JINJA\u5b8f\u53d1\u9001\u7279\u5236\u7684SQL\u8bed\u53e5\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache Superset SQL\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2024-0102192\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apache Superset \u003c2.1.2",
      "Apache Superset \u003e=3.0.0\uff0c\u003c3.0.2"
    ]
  },
  "referenceLink": "https://cxsecurity.com/cveshow/CVE-2023-49736/",
  "serverity": "\u4e2d",
  "submitTime": "2023-12-21",
  "title": "Apache Superset SQL\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2024-0102192\uff09"
}

fkie_cve-2023-49736

Vulnerability from fkie_nvd

Published

2023-12-19 10:15

Modified

2025-02-13 18:15

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security@apache.org	http://www.openwall.com/lists/oss-security/2023/12/19/2	Mailing List, Third Party Advisory
security@apache.org	https://lists.apache.org/thread/1kf481bgs3451qcz6hfhobs7xvhp8n1p	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2023/12/19/2	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread/1kf481bgs3451qcz6hfhobs7xvhp8n1p	Mailing List, Vendor Advisory

Impacted products

	Vendor	Product	Version
	apache	superset	*
	apache	superset	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "15732220-B366-4C92-A7D6-8C5DF4C9CA20",
              "versionEndExcluding": "2.1.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "23576169-716C-4703-BFB2-7F061CEED2CF",
              "versionEndExcluding": "3.0.2",
              "versionStartIncluding": "3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A where_in JINJA macro allows users to specify a quote, which combined with a carefully crafted statement\u00a0would allow for SQL injection\u00a0in Apache Superset.This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2.\n\nUsers are recommended to upgrade to version 3.0.2, which fixes the issue."
    },
    {
      "lang": "es",
      "value": "Una macro Where_in JINJA permite a los usuarios especificar una cita, que combinada con una declaraci\u00f3n cuidadosamente manipulada permitir\u00eda la inyecci\u00f3n de SQL en Apache Superset. Este problema afecta a Apache Superset: antes de 2.1.2, desde 3.0.0 antes de 3.0.2. Se recomienda a los usuarios actualizar a la versi\u00f3n 3.0.2, que soluciona el problema."
    }
  ],
  "id": "CVE-2023-49736",
  "lastModified": "2025-02-13T18:15:45.373",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "security@apache.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-12-19T10:15:08.323",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/12/19/2"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread/1kf481bgs3451qcz6hfhobs7xvhp8n1p"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/12/19/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread/1kf481bgs3451qcz6hfhobs7xvhp8n1p"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "security@apache.org",
      "type": "Secondary"
    }
  ]
}

ghsa-jfxj-xf67-x723

Vulnerability from github

Published

2023-12-19 12:30

Modified

2025-02-13 19:29

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Summary

Apache Superset SQL injection vulnerability

Details

Users are recommended to upgrade to version 2.1.3 or 3.0.2, which fixes the issue.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "apache-superset"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.1.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "apache-superset"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-49736"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-89"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-12-19T21:10:09Z",
    "nvd_published_at": "2023-12-19T10:15:08Z",
    "severity": "MODERATE"
  },
  "details": "A where_in JINJA macro allows users to specify a quote, which combined with a carefully crafted statement\u00a0would allow for SQL injection\u00a0in Apache Superset.This issue affects Apache Superset: before 2.1.3, from 3.0.0 before 3.0.2.\n\nUsers are recommended to upgrade to version 2.1.3 or 3.0.2, which fixes the issue.",
  "id": "GHSA-jfxj-xf67-x723",
  "modified": "2025-02-13T19:29:16Z",
  "published": "2023-12-19T12:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49736"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/superset/pull/25779"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/superset/commit/1d403dab9822a8cee6108669c53e53fad881c751"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/superset/commit/34101594e284ab3acce692f41aff7759ccb4bf1d"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/superset"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/1kf481bgs3451qcz6hfhobs7xvhp8n1p"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/12/19/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache Superset SQL injection vulnerability"
}

gsd-2023-49736

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2023-49736

Aliases

CVE-2023-49736

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-49736",
    "id": "GSD-2023-49736"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-49736"
      ],
      "details": "A where_in JINJA macro allows users to specify a quote, which combined with a carefully crafted statement\u00a0would allow for SQL injection\u00a0in Apache Superset.This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2.\n\nUsers are recommended to upgrade to version 3.0.2, which fixes the issue.\n\n",
      "id": "GSD-2023-49736",
      "modified": "2023-12-13T01:20:34.899150Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@apache.org",
        "ID": "CVE-2023-49736",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Apache Superset",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "0",
                          "version_value": "2.1.2"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "3.0.0",
                          "version_value": "3.0.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apache Software Foundation"
            }
          ]
        }
      },
      "credits": [
        {
          "lang": "en",
          "value": "Jack Prince-Fulls ( jf@incyan.com )"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A where_in JINJA macro allows users to specify a quote, which combined with a carefully crafted statement\u00a0would allow for SQL injection\u00a0in Apache Superset.This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2.\n\nUsers are recommended to upgrade to version 3.0.2, which fixes the issue.\n\n"
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-89",
                "lang": "eng",
                "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://lists.apache.org/thread/1kf481bgs3451qcz6hfhobs7xvhp8n1p",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread/1kf481bgs3451qcz6hfhobs7xvhp8n1p"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "15732220-B366-4C92-A7D6-8C5DF4C9CA20",
                    "versionEndExcluding": "2.1.2",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "23576169-716C-4703-BFB2-7F061CEED2CF",
                    "versionEndExcluding": "3.0.2",
                    "versionStartIncluding": "3.0.0",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "A where_in JINJA macro allows users to specify a quote, which combined with a carefully crafted statement\u00a0would allow for SQL injection\u00a0in Apache Superset.This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2.\n\nUsers are recommended to upgrade to version 3.0.2, which fixes the issue.\n\n"
          },
          {
            "lang": "es",
            "value": "Una macro Where_in JINJA permite a los usuarios especificar una cita, que combinada con una declaraci\u00f3n cuidadosamente manipulada permitir\u00eda la inyecci\u00f3n de SQL en Apache Superset. Este problema afecta a Apache Superset: antes de 2.1.2, desde 3.0.0 antes de 3.0.2. Se recomienda a los usuarios actualizar a la versi\u00f3n 3.0.2, que soluciona el problema."
          }
        ],
        "id": "CVE-2023-49736",
        "lastModified": "2023-12-28T17:16:12.767",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 5.9,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 3.6,
              "source": "security@apache.org",
              "type": "Secondary"
            }
          ]
        },
        "published": "2023-12-19T10:15:08.323",
        "references": [
          {
            "source": "security@apache.org",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/12/19/2"
          },
          {
            "source": "security@apache.org",
            "tags": [
              "Mailing List",
              "Vendor Advisory"
            ],
            "url": "https://lists.apache.org/thread/1kf481bgs3451qcz6hfhobs7xvhp8n1p"
          }
        ],
        "sourceIdentifier": "security@apache.org",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-89"
              }
            ],
            "source": "security@apache.org",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2023-49736 (GCVE-0-2023-49736)

Vulnerability from cvelistv5

wid-sec-w-2023-3184

Vulnerability from csaf_certbund

WID-SEC-W-2023-3184

Vulnerability from csaf_certbund

cnvd-2024-01021

Vulnerability from cnvd

fkie_cve-2023-49736

Vulnerability from fkie_nvd

ghsa-jfxj-xf67-x723

Vulnerability from github

gsd-2023-49736

Vulnerability from gsd

Tags

Sightings

Nomenclature