Veracode Vulnerability Database: VERACODE:46800
History: May 08, 2024 - 6:05 a.m.

Incorrect Authorization

2024-05-08 06:05:03
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
vulnerable
improper validation
rest api
sensitive information

CVSS3: 4.3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score: 6.7
Confidence: High

EPSS: 0
Percentile: 9.0%

apache_superset is vulnerable to Incorrect Authorization. The vulnerability is due to improper validation of user permissions when accessing datasource metadata through the REST APIs. This allows attackers to access sensitive information without the necessary authorization.
