Lucene search

Veracode Vulnerability DatabaseVERACODE:44462

HistoryNov 29, 2023 - 7:18 a.m.

Privilege Escalation

2023-11-2907:18:43

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

apache-superset

privilege escalation

default database connection

authentication

authorization

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.4%

JSON

apache-superset is vulnerable to Privilege Escalation. The vulnerability is due to the default examples database connection. An attacker can exploit this flaw via using a specially crafted CTE SQL statement and as a result could tamper with the authentication / authorization data.

CPENameOperatorVersion
apache-supersetle2.1.1
apache-supersetle2.1.1

CPE	Name	Operator	Version
	apache-superset	le	2.1.1
	apache-superset	le	2.1.1

References

www.openwall.com/lists/oss-security/2023/11/27/2

github.com/advisories/GHSA-392c-vjfv-h7wr

github.com/orangecertcc/security-research/security/advisories/GHSA-f678-j579-4xf5

lists.apache.org/thread/jvgxpk4dbxyqtsgtl4pdgbd520rc0rot

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.4%

JSON

Related for VERACODE:44462