Lucene search
PRIOn knowledge basePRION:CVE-2023-39265HistorySep 06, 2023 - 2:15 p.m.
Design/Logic Flaw
2023-09-0614:15:00
PRIOn knowledge base
www.prio-n.com
11
apache superset
sqlite
database connections
unexpected file creation
severe vulnerabilities
versions up to 2.1.0
Apache Superset would allow for SQLite database connections to be incorrectly registered when an attacker uses alternative driver names likeΒ sqlite+pysqlite or by using database imports. This could allow for unexpected file creation on Superset webservers. Additionally, if Apache Superset is using a SQLite database for its metadata (not advised for production use) it could result in more severe vulnerabilities related to confidentiality and integrity.Β This vulnerability exists in Apache Superset versions up to and including 2.1.0.
Related
cve
cve
CVE-2023-39265
2023-09-06 14:15:10
github
github
Apache Superset Improper Input Validation vulnerability
2023-09-06 15:30:27
nvd
nvd
CVE-2023-39265
2023-09-06 14:15:10
veracode
veracode
Improper Input Validation
2023-09-12 07:13:06
cvelist
cvelist
osv
osv
CVE-2023-39265
2023-09-06 14:15:10
Apache Superset Improper Input Validation vulnerability
2023-09-06 15:30:27
metasploit
metasploit
Apache Superset Signed Cookie RCE
2023-09-13 19:26:29
packetstorm
packetstorm
Apache Superset 2.0.0 Remote Code Execution
2023-10-13 00:00:00
zdt
zdt
Apache Superset 2.0.0 Remote Code Execution Exploit
2023-10-15 00:00:00
thn
thn