Lucene search
ApacheCVELIST:CVE-2023-42504HistoryNov 28, 2023 - 5:59 p.m.
CVE-2023-42504 Apache Superset: Lack of rate limiting allows for possible denial of service
2023-11-2817:59:59
CWE-770
apache
www.cve.org
4
cve-2023-42504
apache superset
rate limiting
denial of service
CVSS3
5.8
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
EPSS
0.001
Percentile
26.9%
An authenticated malicious user could initiate multiple concurrent requests, each requesting multiple dashboard exports, leading to a possible denial of service.
This issue affects Apache Superset: before 3.0.0
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Apache Superset",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "3.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
]Related
nvd
nvd
CVE-2023-42504
2023-11-28 18:15:08
github
github
cve
cve
CVE-2023-42504
2023-11-28 18:15:08
osv
osv
CVE-2023-42504
2023-11-28 18:15:08
prion
prion
Design/Logic Flaw
2023-11-28 18:15:00
cnvd
cnvd
Apache Superset Denial of Service Vulnerability (CNVD-2024-0681631)
2023-11-30 00:00:00
veracode
veracode
Denial Of Service (DoS)
2023-11-29 10:12:00
CVSS3
5.8
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
EPSS
0.001
Percentile
26.9%
Related for CVELIST:CVE-2023-42504