CVE-2023-32672

MEDIUM4.3EPSS 0.17%

Apache Superset has incorrect authorization check

發布日:2023/9/6修改日:2025/2/5

也稱為:GHSA-95ch-p3gw-23qgBIT-superset-2023-32672

描述

An Incorrect authorisation check in SQLLab in Apache Superset versions up to and including 2.1.0. This vulnerability allows an authenticated user to query tables that they do not have proper access to within Superset. The vulnerability can be exploited by leveraging a SQL parsing vulnerability.

受影響套件(2)

Bitnami/supersetfrom 0, < 2.1.1
PyPI/apache-supersetfrom 0, <= 2.1.0

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-32672
PATCHhttps://github.com/apache/superset
WEBhttps://lists.apache.org/thread/ococ6nlj80f0okkwfwpjczy3q84j3wkp