Published: 06/09/2023 Updated: 13/10/2023

CVSS v3 Base Score: 6.5 | Impact Score: 2.5 | Exploitability Score: 3.9

VMScore: 0

Apache Superset would allow for SQLite database connections to be incorrectly registered when an attacker uses alternative driver names like sqlite+pysqlite or by using database imports. This could allow for unexpected file creation on Superset webservers. Additionally, if Apache Superset is using a SQLite database for its metadata (not advised for production use) it could result in more severe vulnerabilities related to confidentiality and integrity. This vulnerability exists in Apache Superset versions up to and including 2.1.0.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache superset

Check Point Reference: CPAI-2023-1628 Date Published: 18 Apr 2024 Severity: Medium ...

CWE-20 https://lists.apache.org/thread/pwdzsdmv4g5g1n2h9m7ortfnxmhr7nfy http://packetstormsecurity.com/files/175094/Apache-Superset-2.0.0-Remote-Code-Execution.html https://nvd.nist.gov https://advisories.checkpoint.com/defense/advisories/public/2024/cpai-2023-1628.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-39265

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect