Lucene search

ApacheSuperset

10 matches found

CVE
added 2023/09/06 1:15 p.m., 2481 views

CVE-2023-39264

By default, stack traces for errors were enabled, which resulted in the exposure of internal traces on REST API endpoints to users. This vulnerability exists in Apache Superset versions up to and including 2.1.0.

CVSS 4.3, AI score 4.5, EPSS 0.00122

CVE
added 2024/02/28 12:15 p.m., 129 views

CVE-2024-24772

A guest user could exploit a chart data REST API and send arbitrary SQL statements that on error could leak information from the underlying analytics database. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1 or 3.0.4, which...

CVSS 4.3, AI score 4.8, EPSS 0.00515

CVE
added 2024/05/07 2:15 p.m., 92 views

CVE-2024-28148

An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request. This issue affects Apache Superset: before 3.1.2. Users are recommended to upgrade to version 3.1.2 or above, which fixes the issue.

CVSS 4.3, AI score 6.5, EPSS 0.00045

CVE
added 2024/02/28 10:15 a.m., 85 views

CVE-2024-27315

An authenticated user with privileges to create Alerts on Alerts & Reports has the capability to generate a specially crafted SQL statement that triggers an error on the database. This error is not properly handled by Apache Superset and may inadvertently surface in the error log of the Alert expos...

CVSS 4.3, AI score 4.8, EPSS 0.00089

CVE
added 2022/07/06 1:15 p.m., 70 views

CVE-2021-37839

Apache Superset up to 1.5.1 allowed authenticated users to access metadata information related to datasets they have no permission on. This metadata included the dataset name, columns and metrics.

CVSS 4.3, AI score 4.2, EPSS 0.00221

CVE
added 2023/04/17 5:15 p.m., 48 views

CVE-2023-27525

An authenticated user with Gamma role authorization could have access to metadata information using non-trivial methods in Apache Superset up to and including 2.0.1.

CVSS 4.3, AI score 4.1, EPSS 0.0016

CVE
added 2023/11/28 5:15 p.m., 45 views

CVE-2023-42505

An authenticated user with read permissions on database connections metadata could potentially access sensitive information such as the connection's username. This issue affects Apache Superset before 3.0.0.

CVSS 4.3, AI score 4.2, EPSS 0.00041

CVE
added 2023/09/06 1:15 p.m., 38 views

CVE-2023-27526

A non-Admin authenticated user could incorrectly create resources using the import charts feature, on Apache Superset up to and including 2.1.0.

CVSS 4.3, AI score 4.4, EPSS 0.0015

CVE
added 2023/09/06 2:15 p.m., 38 views

CVE-2023-32672

An incorrect authorisation check exists in SQLLab in Apache Superset versions up to and including 2.1.0. This vulnerability allows an authenticated user to query tables that they do not have proper access to within Superset. The vulnerability can be exploited by leveraging a SQL parsing vulnerability.

CVSS 4.3, AI score 4.5, EPSS 0.00206

CVE
added 2023/11/27 11:15 a.m., 31 views

CVE-2023-42501

Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations. This issue affects Apache Superset: before 2.1.2. Users should upgrade to version 2.1.2 or above and run superset init to reconstruct the Gamma role or remove can_read ...

CVSS 4.3, AI score 4.4, EPSS 0.00099