PT-2023-28376 · Apache · Apache Superset

Miguel Segovia Gil · Published 2023-11-27 · Updated 2025-02-05 · CVE-2023-42501

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Apache Superset versions prior to 2.1.2

Description

The issue allows authenticated users to read configured CSS templates and annotations due to unnecessary read permissions within the Gamma role.

Recommendations

For versions prior to 2.1.2, upgrade to version 2.1.2 or above and run superset init to reconstruct the Gamma role, or remove the can read permission from the mentioned resources.

Fix

Incorrect Default Permissions

Weakness Enumeration

Related identifiers

BIT-SUPERSET-2023-42501
CVE-2023-42501
GHSA-VV65-FJFJ-4736

Affected products

Apache Superset