Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv3

CVE-2023-42501

Published: 27/11/2023 Updated: 01/12/2023
CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8
VMScore: 0
Subscribe to Apache

Vulnerability Summary

Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations. This issue affects Apache Superset: prior to 2.1.2. Users should upgrade to version or above 2.1.2 and run `superset init` to reconstruct the Gamma role or remove `can_read` permission from the mentioned resources.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache superset

Mailing Lists

Full Disclosure: CVE-2023-42501: Apache Superset: Unnecessary read permissions within the Gamma role
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> CVE-2023-42501: Apache Superset: Unnecessary read permissions within the Gamma role <!--X-Subject-Header-End--> <!--X-Head-of- ...

References

CWE-276https://lists.apache.org/thread/vk1rmrh9kz0chjmc9tk7o3md6zpz4yghhttp://www.openwall.com/lists/oss-security/2023/11/27/3https://nvd.nist.govhttps://seclists.org/oss-sec/2023/q4/238
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581reflected XSSCVE-2024-26925CVE-2024-27956LFICVE-2024-3607CVE-2024-3107CVE-2024-3295SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook