Lucene search
+L

5 matches found

Github Security Blog
Github Security Blog
added 2023/11/28 6:56 p.m.31 views

Apache Superset - Elevation of Privilege

Overview An attacker with access to the SQL Lab and the abuser and abuserrole tables can elevate his privileges to become administrator. Details On a more general level, diverse tables who are supposed to be only readable can be modified using the WITH … AS and RETURNING keywords. Modification of...

8.8CVSS9.1AI score0.01335EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2023/11/27 11:15 a.m.30 views

CVE-2023-40610

Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Superset's metadata database, an attacker using a specially crafted CTE SQL stateme...

8.8CVSS0.01335EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/11/27 10:22 a.m.24 views

CVE-2023-40610 Apache Superset: Privilege escalation with default examples database

Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Superset's metadata database, an attacker using a specially crafted CTE SQL stateme...

6.3CVSS9.2AI score0.01335EPSS
Exploits0References3
CVE
CVE
added 2023/11/27 10:22 a.m.69 views

CVE-2023-40610

CVE-2023-40610 affects Apache Superset prior to version 2.1.2. The issue is an improper authorization check that enables privilege escalation when using the default examples database connection, which can grant access to both the examples schema and Superset metadata DB. A specially crafted CTE S...

8.8CVSS7.6AI score0.01335EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/11/27 10:22 a.m.16 views

CVE-2023-40610 Apache Superset: Privilege escalation with default examples database

Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Superset's metadata database, an attacker using a specially crafted CTE SQL stateme...

6.3CVSS7.2AI score0.01335EPSS
Exploits0References5
Rows per page
Query Builder