GHSA-w6c7-j32f-rq8j

Опубликовано: 13 мая 2025

Источник: github

Github: Прошло ревью

CVSS4: 5.3

CVSS3: 8.8

Описание

Apache Superset Allows Ownership Takeover

Improper Authorization vulnerability in Apache Superset allows ownership takeover of dashboards, charts or datasets by authenticated users with read permissions.

This issue affects Apache Superset: through 4.1.1.

Users are recommended to upgrade to version 4.1.2 or above, which fixes the issue.

Ссылки

Пакеты

Наименование

apache-superset

pip

Затронутые версииВерсия исправления

< 4.1.2

4.1.2

EPSS

Процентиль: 8%

0.0003

Низкий

5.3 Medium

CVSS4

8.8 High

CVSS3

CVE ID

CVE-2025-27696

Дефекты

CWE-285

CWE-863

Связанные уязвимости

CVE-2025-27696

CVSS3: 8.8

nvd

9 месяцев назад

Incorrect Authorization vulnerability in Apache Superset allows ownership takeover of dashboards, charts or datasets by authenticated users with read permissions. This issue affects Apache Superset: through 4.1.1. Users are recommended to upgrade to version 4.1.2 or above, which fixes the issue.

EPSS

Процентиль: 8%

0.0003

Низкий

5.3 Medium

CVSS4

8.8 High

CVSS3

CVE ID

CVE-2025-27696

Дефекты

CWE-285

CWE-863