Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache superset vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2022-43720
An authenticated attacker with write CSS template permissions can create a record with specific HTML tags that will not get properly escaped by the toast message displayed when a user deletes that specific CSS template record. This issue affects Apache Superset version 1.5.2 and ...
Apache Superset
Apache Superset 2.0.0
5.4
CVSSv3
CVE-2022-43721
An authenticated attacker with update datasets permission could change a dataset link to an untrusted site, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
Apache Superset
Apache Superset 2.0.0
5.4
CVSSv3
CVE-2021-32609
Apache Superset up to and including 1.1 does not sanitize titles correctly on the Explore page. This allows an attacker with Explore access to save a chart with a malicious title, injecting html (including scripts) into the page.
Apache Superset
5.4
CVSSv3
CVE-2021-27907
Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Abusing this functionality, a malicious user could inject javascript code executing unwanted action in the context of the u...
Apache Superset
5.3
CVSSv3
CVE-2022-45438
When explicitly enabling the feature flag DASHBOARD_CACHE (disabled by default), the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and versio...
Apache Superset
Apache Superset 2.0.0
5.3
CVSSv3
CVE-2019-12413
In Apache Incubator Superset prior to 0.31 user could query database metadata information from a database he has no access to, by using a specially crafted complex query.
Apache Superset
5.3
CVSSv3
CVE-2019-12414
In Apache Incubator Superset prior to 0.32, a user can view database names that he has no access to on a dropdown list in SQLLab
Apache Superset
4.3
CVSSv3
CVE-2023-42505
An authenticated user with read permissions on database connections metadata could potentially access sensitive information such as the connection's username. This issue affects Apache Superset prior to 3.0.0.
Apache Superset
4.3
CVSSv3
CVE-2023-42501
Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations. This issue affects Apache Superset: prior to 2.1.2. Users should upgrade to version or above 2.1.2 and run `superset init` to reconstruct the Gamma...
Apache Superset
4.3
CVSSv3
CVE-2023-32672
An Incorrect authorisation check in SQLLab in Apache Superset versions up to and including 2.1.0. This vulnerability allows an authenticated user to query tables that they do not have proper access to within Superset. The vulnerability can be exploited by leveraging a SQL parsing...
Apache Superset
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4956
validation
CVE-2024-35221
remote attackers
CVE-2023-30309
CVE-2024-36112
CVE-2024-23109
CVE-2023-43850
stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »