PT-2023-28376 · Apache · Apache Superset
Miguel Segovia Gil · Published 2023-11-27 · Updated 2025-02-05 · CVE-2023-42501
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Apache Superset versions prior to 2.1.2
Description
The issue allows authenticated users to read configured CSS templates and annotations due to unnecessary read permissions within the Gamma role.
Recommendations
For versions prior to 2.1.2, upgrade to version 2.1.2 or above and run superset init to reconstruct the Gamma role or remove can read permission from the mentioned resources.
Fix
Incorrect Default Permissions
Weakness Enumeration
Related Identifiers
Affected Products
Apache Superset