CVE-2023-32672

Name of the Vulnerable Software and Affected Versions Apache Superset versions up to and including 2.1.0

Description The issue is related to an incorrect authorization check in SQLLab, allowing an authenticated user to query tables they do not have proper access to. This can be exploited by leveraging a SQL parsing vulnerability.

Recommendations For Apache Superset versions up to and including 2.1.0, update to a version later than 2.1.0 to resolve the issue. As a temporary workaround, consider restricting access to SQLLab or limiting the privileges of authenticated users to minimize the risk of exploitation.