CVE-2023-49734

Опубликовано: 19 дек. 2023

Источник: nvd

CVSS3: 7.7

CVSS3: 6.5

EPSS Низкий

Описание

An authenticated Gamma user has the ability to create a dashboard and add charts to it, this user would automatically become one of the owners of the charts allowing him to incorrectly have write permissions to these charts.This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2.

Users are recommended to upgrade to version 3.0.2 or 2.1.3, which fixes the issue.

Ссылки

http://www.openwall.com/lists/oss-security/2023/12/19/3
Mailing List
Third Party Advisory
https://lists.apache.org/thread/985h6ltvtbvdoysso780kkj7x744cds5
Mailing List
Vendor Advisory
http://www.openwall.com/lists/oss-security/2023/12/19/3
Mailing List
Third Party Advisory
https://lists.apache.org/thread/985h6ltvtbvdoysso780kkj7x744cds5
Mailing List
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*

Версия до 2.1.2 (исключая)

cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*

Версия от 3.0.0 (включая) до 3.0.2 (исключая)

EPSS

Процентиль: 40%

0.00183

Низкий

7.7 High

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-863

Связанные уязвимости

GHSA-g49j-j489-3xpf

CVSS3: 7.7

github

около 2 лет назад

Apache Superset incorrect write permissions vulnerability

EPSS

Процентиль: 40%

0.00183

Низкий

7.7 High

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-863