5 matches found
CVE-2023-36388
Improper REST API permission in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma users to test network connections, possible SSRF...
Alert: Apache Superset Vulnerabilities Expose Servers to Remote Code Execution Attacks
Patches have been released to address two new security vulnerabilities in Apache Superset that could be exploited by an attacker to gain remote code execution on affected systems. The update version 2.1.1 plugs CVE-2023-39265 and CVE-2023-37941, which make it possible to conduct nefarious actions...
CVE-2023-36388
creationtimestamp| type| source ---|---|--- 2023-09-06 16:17:40+00:00| seen| https://t.me/cibsecurity/69998...
CVE-2023-36388
Improper REST API permission in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma users to test network connections, possible SSRF...
CVE-2023-36388
CVE-2023-36388 concerns Apache Superset. The issue is an improper REST API permission configuration that allows an authenticated, low-privilege user to initiate network connections, enabling possible SSRF. The vulnerability affects Superset up to version 2.1.0 (and older per disclosures), with th...