Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
ApacheSuperset

4 matches found

CVE
CVEadded 2023/04/24 4:15 p.m.387 views

CVE-2023-27524

Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset admin...

9.8CVSS9.2AI score0.80409EPSS
In wild
CVE
CVEadded 2023/04/17 5:15 p.m.224 views

CVE-2023-25504

A malicious actor who has been authenticated and granted specific permissions in Apache Superset may use the import dataset feature in order to conduct Server-Side Request Forgeryattacks and query internal resources on behalf of the server where Supersetis deployed. This vulnerability exists in Apa...

6.5CVSS5.5AI score0.00031EPSS
CVE
CVEadded 2023/04/24 4:15 p.m.64 views

CVE-2023-30776

An authenticated user with specific data permissions could access database connections stored passwords by requesting a specific REST API. This issue affects Apache Superset version 1.3.0 up to 2.0.1.

6.5CVSS5.8AI score0.00191EPSS
CVE
CVEadded 2023/04/17 5:15 p.m.49 views

CVE-2023-27525

An authenticated user with Gamma role authorization could have access to metadata information using non trivial methods in Apache Superset up to and including 2.0.1

4.3CVSS4.1AI score0.00124EPSS