Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache superset vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-42501
Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations. This issue affects Apache Superset: prior to 2.1.2. Users should upgrade to version or above 2.1.2 and run `superset init` to reconstruct the Gamma...
Apache Superset
NA
CVE-2023-42502
An authenticated attacker with update datasets permission could change a dataset link to an untrusted site by spoofing the HTTP Host header, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset versions prior to 3.0.0.
Apache Superset
NA
CVE-2023-42505
An authenticated user with read permissions on database connections metadata could potentially access sensitive information such as the connection's username. This issue affects Apache Superset prior to 3.0.0.
Apache Superset
668
VMScore
CVE-2018-8021
Versions of Superset before 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation.
Apache Superset
4 Github repositories
NA
CVE-2023-37941
If an attacker gains write access to the Apache Superset metadata database, they could persist a specifically crafted Python object that may lead to remote code execution on Superset's web backend. The Superset metadata db is an 'internal' component that is typical...
Apache Superset
490
VMScore
CVE-2020-13952
In the course of work on the open source project it exists that authenticated users running queries against Hive and Presto database engines could access information via a number of templated fields including the contents of query description metadata database, the hashed version...
Apache Superset
668
VMScore
CVE-2022-27479
Apache Superset prior to 1.4.2 is vulnerable to SQL injection in chart data requests. Users should update to 1.4.2 or higher which addresses this issue.
Apache Superset
534
VMScore
CVE-2021-41971
Apache Superset up to and including 1.3.0 when configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default) allowed SQL injection when a malicious authenticated user sends an http request with a custom URL.
Apache Superset
NA
CVE-2023-30776
An authenticated user with specific data permissions could access database connections stored passwords by requesting a specific REST API. This issue affects Apache Superset version 1.3.0 up to 2.0.1.
Apache Superset
NA
CVE-2023-42504
An authenticated malicious user could initiate multiple concurrent requests, each requesting multiple dashboard exports, leading to a possible denial of service. This issue affects Apache Superset: prior to 3.0.0
Apache Superset
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »