oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2023-27525: Apache Superset: Incorrect default permissions for Gamma role

From: Daniel Gaspar <dpgaspar () apache org>
Date: Mon, 17 Apr 2023 10:04:21 +0000
Description:

An authenticated user with Gamma role authorization could have access to metadata information using non trivial methods 
in Apache Superset up to and including 2.0.1

Credit:

NTT DATA (finder)

References:

https://superset.apache.org
https://www.cve.org/CVERecord?id=CVE-2023-27525
Previous By Date Next
Previous By Thread Next

Current thread: