VERACODE:44755 (Veracode Vulnerability Database)
Dec 20, 2023 - 6:18 a.m.

Unauthorized Access

Source: sca.analysiscenter.veracode.com
Tags: apache-superset, unauthorized access, vulnerability, improper authorization, write permission

CVSS3: 7.7
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

AI Score: 6.5
Confidence: High

EPSS: 0
Percentile: 15.5%

apache-superset is vulnerable to Unauthorized Access. The vulnerability is due to improper authorization checks. An attacker can exploit the flaw by creating a dashboard and adding charts to it. As a consequence, they become one of the owners of those charts, which gives them unauthorized write permission.
