Lucene search
K

34 matches found

Cvelist
Cvelist
added 2024/02/28 11:24 a.m.24 views

CVE-2024-24773 Apache Superset: Improper validation of SQL statements allows for unauthorized access to data

Improper parsing of nested SQL statements on SQLLab would allow authenticated users to surpass their data authorization scope. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1, which fixes the issue...

4.9CVSS5.7AI score0.00773EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/02/28 12:0 a.m.4 views

Apache Superset 安全漏洞

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from an information disclosure vulnerability that is caused by improper data authorization. An attacker could exploit this vulnerability to obtain sensitive information...

6.5CVSS6AI score0.00727EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/02/28 12:0 a.m.4 views

PT-2024-20551 · Apache · Apache Superset

Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 3.0.4 Apache Superset versions 3.1.0 through 3.1.0 Description: The issue is related to the improper parsing of nested SQL statements on SQLLab, allowing authenticated users to surpass their data authorizatio...

6.5CVSS7.6AI score0.00773EPSS
Exploits0References12
CNVD
CNVD
added 2023/09/08 12:0 a.m.24 views

Apache Superset Unauthorized Access Vulnerability

Apache Superset is a Python language based development of open source fashionable data exploration and analysis and visualization of the reporting platform , support for rich data sources , and has a colorful visualization of the charts to choose from . An unauthorized access vulnerability exists...

5CVSS6.4AI score0.00726EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2023/09/06 3:30 p.m.23 views

Apache Superset vulnerable to improper data authorization

Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to...

5CVSS5.2AI score0.00726EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/09/06 3:30 p.m.25 views

GHSA-V594-2C97-HX38 Apache Superset vulnerable to improper data authorization

Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to...

5CVSS4.6AI score0.00726EPSS
Exploits0References3
NVD
NVD
added 2023/09/06 1:15 p.m.21 views

CVE-2023-27523

Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to...

5CVSS5AI score0.00726EPSS
Exploits0References1
OSV
OSV
added 2023/09/06 1:15 p.m.15 views

CVE-2023-27523

Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to...

4.3CVSS6.9AI score
Exploits0References1
CVE
CVE
added 2023/09/06 12:55 p.m.54 views

CVE-2023-27523

CVE-2023-27523 affects Apache Superset up to version 2.1.0, due to improper data authorization checks on Jinja-templated queries. An authenticated user can issue queries on database tables to which they may not have access. The connected documents confirm the vulnerability description and multipl...

5CVSS4.6AI score0.00726EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/09/06 12:0 a.m.7 views

Apache Superset 安全漏洞

Apache Superset is a Python language based development of open source fashionable data exploration and analysis and visualization of the reporting platform , support for rich data sources , and has a colorful visualization of the charts to choose from . An unauthorized access vulnerability exists...

5CVSS6.5AI score0.00726EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/09/06 12:0 a.m.6 views

PT-2023-5197 · Apache · Apache Superset

Name of the Vulnerable Software and Affected Versions: Apache Superset versions up to and including 2.1.0 Description: The issue is related to improper data authorization checks on Jinja templated queries, allowing an authenticated user to issue queries on database tables they may not have access...

5CVSS6.9AI score0.00726EPSS
Exploits0References11
Prion
Prion
added 2023/02/14 4:15 a.m.12 views

Authorization

SAP S/4 HANA Map Treasury Correspondence Format Data does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to delete the data with a high impact to availability...

4CVSS6.6AI score0.00524EPSS
Exploits0References2Affected Software1
Hacker One
Hacker One
added 2021/04/05 8:10 p.m.65 views

U.S. Dept Of Defense: ████████ portal is open to enumeration once authenticated. Session ID's appear static. All PII available once a valid session ID is found.

Description: Once Authenticated to █████████ portal with valid credentials you can type in another members session id and you can see any service members data as if you were authenticated as them. https://█████████ I did not see if there was a way to dump all session id's, but wouldn't be too...

0.4AI score
Exploits0
NVD
NVD
added 2021/01/20 9:15 p.m.18 views

CVE-2021-1135

Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager DCNM could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this advisory...

4.6CVSS4.8AI score0.00632EPSS
Exploits0References1
Rows per page
Query Builder