CVE-2023-42501

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Nov 27, 2023

Updated: Dec 1, 2023

CWE ID 276

Summary

CVE-2023-42501 is a cybersecurity vulnerability affecting Apache Superset versions before 2.1.2. The issue grants authenticated users with the Gamma role unnecessary read permissions, enabling them to access configured CSS templates and annotations. This poses a risk to data confidentiality. To mitigate this vulnerability, users are advised to upgrade to version 2.1.2 or higher and run `superset init` to reconstruct the Gamma role or remove the corresponding read permissions.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Apache Superset

Affected Vendors

Apache Software Foundation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/spv4Ew
https://www.cve.org/CVERecord?id=CVE-2023-42501
https://nvd.nist.gov/vuln/detail/CVE-2023-42501

Back to Vulnerability Database