PT-2023-31313 · Apache · Apache Superset

Jordan Velich

Published

2023-12-19

Updated

2025-02-05

CVE-2023-49734

CVSS v3.1

7.7

High

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Apache Superset versions prior to 2.1.3 Apache Superset versions 3.0.0 through 3.0.1

Description An authenticated Gamma user has the ability to create a dashboard and add charts to it, this user would automatically become one of the owners of the charts allowing him to incorrectly have write permissions to these charts. About 15,493 results are mainly distributed in the United States, China, and other countries.

Recommendations For Apache Superset versions prior to 2.1.3, upgrade to version 2.1.3. For Apache Superset versions 3.0.0 through 3.0.1, upgrade to version 3.0.2.

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

BIT-SUPERSET-2023-49734

CVE-2023-49734

GHSA-G49J-J489-3XPF

Affected Products

Apache Superset

PT-2023-31313 · Apache · Apache Superset

CVE-2023-49734

Weakness Enumeration

Related Identifiers

Affected Products

References · 18