14 matches found
CVE-2023-42501
Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations. This issue affects Apache Superset: before 2.1.2. Users should upgrade to version or above 2.1.2 and run superset init to reconstruct the Gamma role or remove canre...
BIT-SUPERSET-2023-42501 Apache Superset: Unnecessary read permissions within the Gamma role
Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations. This issue affects Apache Superset: before 2.1.2. Users should upgrade to version or above 2.1.2 and run superset init to reconstruct the Gamma role or remove canre...
Apache Superset Information Disclosure Vulnerability (CNVD-2024-0681549)
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. An information disclosure vulnerability exists in Apache Superset versions prior to 2.1.2, which can be exploited by an authenticated attacker to read configured CSS templates and comments...
Apache Superset has Incorrect Default Permissions
Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations. This issue affects Apache Superset: before 2.1.2. Users should upgrade to version or above 2.1.2 and run superset init to reconstruct the Gamma role or remove canre...
CVE-2023-42501
Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations. This issue affects Apache Superset: before 2.1.2. Users should upgrade to version or above 2.1.2 and run superset init to reconstruct the Gamma role or remove canre...
CVE-2023-42501
Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations. This issue affects Apache Superset: before 2.1.2. Users should upgrade to version or above 2.1.2 and run superset init to reconstruct the Gamma role or remove canre...
Design/Logic Flaw
Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations. This issue affects Apache Superset: before 2.1.2. Users should upgrade to version or above 2.1.2 and run superset init to reconstruct the Gamma role or remove canre...
CVE-2023-42501 Apache Superset: Unnecessary read permissions within the Gamma role
Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations. This issue affects Apache Superset: before 2.1.2. Users should upgrade to version or above 2.1.2 and run superset init to reconstruct the Gamma role or remove canre...
CVE-2023-42501 Apache Superset: Unnecessary read permissions within the Gamma role
Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations. This issue affects Apache Superset: before 2.1.2. Users should upgrade to version or above 2.1.2 and run superset init to reconstruct the Gamma role or remove canre...
CVE-2023-42501
Apache Superset prior to 2.1.2 is affected by CVE-2023-42501, where the Gamma role grants unnecessary read permissions, allowing authenticated users to read configured CSS templates and annotations. The vulnerability is described as an information disclosure risk with a CVSS v3.1 base score of 4....
PT-2023-28376 · Apache · Apache Superset
Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 2.1.2 Description: The issue allows authenticated users to read configured CSS templates and annotations due to unnecessary read permissions within the Gamma role. Recommendations: For versions prior to 2.1.2...
AZL-26625 CVE-2023-24539 affecting package msft-golang for versions less than 1.20.11-1
Angle brackets are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input...
Apache Superset 安全漏洞
Apache Superset is a data visualization and data exploration platform from the Apache Foundation USA. A security vulnerability exists in Apache Superset versions 1.5.2 and earlier and 2.0.0, which originates from an authenticated attacker with write access to a CSS template that can create a reco...
PT-2023-14306 · Apache · Apache Superset
Name of the Vulnerable Software and Affected Versions: Apache Superset versions 1.5.2 and prior Apache Superset version 2.0.0 Description: An authenticated attacker with write CSS template permissions can create a record with specific HTML tags that will not get properly escaped by the toast...