CVE-2023-27523

Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://lists.apache.org/thread/3y97nmwm956b6zg3l8dh9oj0w7dj945h	Mailing List

Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-09-06 13:15

Updated : 2023-09-11 13:46

NVD link : CVE-2023-27523

Mitre link : CVE-2023-27523

CVE.ORG link : CVE-2023-27523

JSON object : View

Products Affected

apache

superset

CWE

CWE-863

Incorrect Authorization

4.3 /10