Lucene search

ApacheVULNRICHMENT:CVE-2023-27523

HistorySep 06, 2023 - 12:55 p.m.

CVE-2023-27523 Apache Superset: Improper data permission validation on Jinja templated queries

2023-09-0612:55:31

CWE-863

apache

github.com

apache superset

data permission

validation

jinja templated queries

authenticated user

database tables.

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

AI Score

6.7

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to.

References

lists.apache.org/thread/3y97nmwm956b6zg3l8dh9oj0w7dj945h

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

AI Score

6.7

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2023-27523