5 matches found
CVE-2026-30233 OliveTin: View permission not being checked when returning dashboards
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authorization flaw in OliveTin allows authenticated users with view: false permission to enumerate action bindings and metadata via dashboard and API endpoints. Although execution (exec) may be...
OliveTin doesn't check view permission when returning dashboards
Summary: An authorization flaw in OliveTin allows authenticated users with view: false permission to enumerate action bindings and metadata via dashboard and API endpoints. Although execution (exec) may be correctly denied, the backend does not enforce IsAllowedView when constructing dashboard and...
PT-2023-7035 · Unknown +1 · Opensearch +2
Name of the Vulnerable Software and Affected Versions: OpenSearch versions prior to 1.3.14; OpenSearch versions prior to 2.11.0. Description: There is an issue with the implementation of tenant permissions in OpenSearch Dashboards where authenticated users with read-only access to a tenant can...
CVE-2022-45438 Apache Superset: Dashboard metadata information leak
When explicitly enabling the feature flag DASHBOARD_CACHE (disabled by default), the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...
Apache Superset access control error vulnerability
An access control error vulnerability exists in Apache Superset, a data visualization and data exploration platform from the Apache Foundation, which stems from improper access controls and could be exploited by an unauthenticated attacker to access dashboard configuration metadata using the REST...