GoogleOSV:GHSA-G49J-J489-3XPFApache Superset incorrect write permissions vulnerability
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
15.5%
An authenticated Gamma user has the ability to create a dashboard and add charts to it, this user would automatically become one of the owners of the charts allowing him to incorrectly have write permissions to these charts.This issue affects Apache Superset: before 2.1.3, from 3.0.0 before 3.0.2.
Users are recommended to upgrade to version 3.0.2 or 2.1.3, which fixes the issue.
References
www.openwall.com/lists/oss-security/2023/12/19/3
github.com/apache/superset
github.com/apache/superset/commit/5198279a2ba41ab3e89bd9d7750694179d3f9fe6
github.com/apache/superset/commit/cb6de0a9c9f505ee3f26e79ca9bfa5f3901528a0
github.com/apache/superset/pull/25843
lists.apache.org/thread/985h6ltvtbvdoysso780kkj7x744cds5
nvd.nist.gov/vuln/detail/CVE-2023-49734
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
15.5%