PT-2023-31313 · Apache · Apache Superset

Jordan Velich

Publicado

2023-12-19

Atualizado

2025-02-05

CVE-2023-49734

CVSS v3.1

7.7

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Apache Superset versions prior to 2.1.3 Apache Superset versions 3.0.0 through 3.0.1

Description An authenticated Gamma user has the ability to create a dashboard and add charts to it, this user would automatically become one of the owners of the charts allowing him to incorrectly have write permissions to these charts. About 15,493 results are mainly distributed in the United States, China, and other countries.

Recommendations For Apache Superset versions prior to 2.1.3, upgrade to version 2.1.3. For Apache Superset versions 3.0.0 through 3.0.1, upgrade to version 3.0.2.

Correção

Incorrect Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-863

Identificadores relacionados

BIT-SUPERSET-2023-49734

CVE-2023-49734

GHSA-G49J-J489-3XPF

Produtos afetados

Apache Superset

PT-2023-31313 · Apache · Apache Superset

CVE-2023-49734

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 18