5 matches found
Apache Superset - Elevation of Privilege
Overview An attacker with access to the SQL Lab and the abuser and abuserrole tables can elevate his privileges to become administrator. Details On a more general level, diverse tables who are supposed to be only readable can be modified using the WITH … AS and RETURNING keywords. Modification of...
CVE-2023-40610
Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Superset's metadata database, an attacker using a specially crafted CTE SQL stateme...
CVE-2023-40610 Apache Superset: Privilege escalation with default examples database
Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Superset's metadata database, an attacker using a specially crafted CTE SQL stateme...
CVE-2023-40610
CVE-2023-40610 affects Apache Superset prior to version 2.1.2. The issue is an improper authorization check that enables privilege escalation when using the default examples database connection, which can grant access to both the examples schema and Superset metadata DB. A specially crafted CTE S...
CVE-2023-40610 Apache Superset: Privilege escalation with default examples database
Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Superset's metadata database, an attacker using a specially crafted CTE SQL stateme...