Apache Superset allows authenticated users to view sensitive data without explicit permissions
A Sensitive Data Exposure vulnerability exists in Apache Superset allowing authenticated users to retrieve sensitive user information. The Tag endpoint, disabled by default, allows users to retrieve a list of objects associated with a specific tag. When these associated objects include Users, the A...
EUVD-2026-8477
A Sensitive Data Exposure vulnerability exists in Apache Superset allowing authenticated users to retrieve sensitive user information. The Tag endpoint, disabled by default, allows users to retrieve a list of objects associated with a specific tag. When these associated objects include Users, the A...
EUVD-2023-3047
Malicious code in bioql PyPI...
EUVD-2023-1227
Malicious code in bioql PyPI...
CVE-2023-27525
An authenticated user with Gamma role authorization could have access to metadata information using non-trivial methods in Apache Superset up to and including 2.0.1...
CVE-2023-42501
Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations. This issue affects Apache Superset: before 2.1.2. Users should upgrade to version 2.1.2 or above and run superset init to reconstruct the Gamma role or remove canre...
BIT-SUPERSET-2023-27525 Apache Superset: Incorrect default permissions for Gamma role
An authenticated user with Gamma role authorization could have access to metadata information using non-trivial methods in Apache Superset up to and including 2.0.1...
BIT-SUPERSET-2023-42501 Apache Superset: Unnecessary read permissions within the Gamma role
Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations. This issue affects Apache Superset: before 2.1.2. Users should upgrade to version 2.1.2 or above and run superset init to reconstruct the Gamma role or remove canre...
GHSA-VV65-FJFJ-4736 Apache Superset has Incorrect Default Permissions
Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations. This issue affects Apache Superset: before 2.1.2. Users should upgrade to version 2.1.2 or above and run superset init to reconstruct the Gamma role or remove canre...
CVE-2023-42501
Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations. This issue affects Apache Superset: before 2.1.2. Users should upgrade to version 2.1.2 or above and run superset init to reconstruct the Gamma role or remove canre...
CVE-2023-42501 Apache Superset: Unnecessary read permissions within the Gamma role
Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations. This issue affects Apache Superset: before 2.1.2. Users should upgrade to version 2.1.2 or above and run superset init to reconstruct the Gamma role or remove canre...
CVE-2023-42501 Apache Superset: Unnecessary read permissions within the Gamma role
Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations. This issue affects Apache Superset: before 2.1.2. Users should upgrade to version 2.1.2 or above and run superset init to reconstruct the Gamma role or remove canre...
PT-2023-28376 · Apache · Apache Superset
Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 2.1.2 Description: The issue allows authenticated users to read configured CSS templates and annotations due to unnecessary read permissions within the Gamma role. Recommendations: For versions prior to 2.1.2...
Apache Superset vulnerable to Improper Authorization
An authenticated user with Gamma role authorization could have access to metadata information using non-trivial methods in Apache Superset up to and including 2.0.1...
CVE-2023-27525
An authenticated user with Gamma role authorization could have access to metadata information using non-trivial methods in Apache Superset up to and including 2.0.1...
CVE-2023-27525
An authenticated user with Gamma role authorization could have access to metadata information using non-trivial methods in Apache Superset up to and including 2.0.1...
CVE-2023-27525 Apache Superset: Incorrect default permissions for Gamma role
An authenticated user with Gamma role authorization could have access to metadata information using non-trivial methods in Apache Superset up to and including 2.0.1...
CVE-2023-27525
CVE-2023-27525 affects Apache Superset up to 2.0.1. An authenticated user with the Gamma role could access metadata information using non-trivial methods, enabling information disclosure. Documented impact is limited to metadata exposure; no exploit vectors or fixes are provided in the supplied s...
PT-2023-21192 · Apache · Apache Superset
Name of the Vulnerable Software and Affected Versions: Apache Superset versions up to and including 2.0.1 Description: An authenticated user with Gamma role authorization could have access to metadata information using non-trivial methods. Recommendations: For Apache Superset versions up to and...