Lucene search

ApacheVULNRICHMENT:CVE-2024-28148

HistoryMay 07, 2024 - 1:33 p.m.

CVE-2024-28148 Apache Superset: Incorrect datasource authorization on explore REST API

2024-05-0713:33:42

CWE-863

apache

github.com

apache superset

datasource

authorization

vulnerability

rest api

cve-2024-28148

metadata

upgrade

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

6.7

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request.This issue affects Apache Superset: before 3.1.2.

Users are recommended to upgrade to version 3.1.2 or above, which fixes the issue.

References

lists.apache.org/thread/n27wlbd05oc6bgjh28d5pxzsrrph8dgo

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

6.7

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-28148