PT-2023-25567 · Apache · Apache Superset

Vin01 · Published 2023-09-06 · Updated 2025-02-05 · CVE-2023-36388

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Apache Superset versions up to and including 2.1.0

Description: The issue stems from an improper REST API permission check in Apache Superset that allows authenticated Gamma users to test network connections, which may lead to a possible Server-Side Request Forgery (SSRF) attack.

Recommendations: For Apache Superset versions up to and including 2.1.0, consider restricting access to the REST API until a patch is available. As a temporary workaround, limit the permissions of Gamma users so that they cannot test network connections.

Fix

SSRF


Weakness Enumeration

Related identifiers

BIT-SUPERSET-2023-36388
CVE-2023-36388
GHSA-4FG9-5W46-XMRJ

Affected products

Apache Superset