BIT-superset-2023-49734

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/superset/BIT-superset-2023-49734.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-superset-2023-49734

Aliases

Published

2025-02-05T07:26:41.202Z

Modified

2025-04-03T14:40:37.652Z

Summary

[none]

Details

An authenticated Gamma user has the ability to create a dashboard and add charts to it, this user would automatically become one of the owners of the charts allowing him to incorrectly have write permissions to these charts.This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2.

Users are recommended to upgrade to version 3.0.2 or 2.1.3, which fixes the issue.

Database specific

{
    "cpes": [
        "cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}

References

Affected packages

Bitnami / superset

Package

Name: superset
Purl: pkg:bitnami/superset

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.2

Introduced

3.0.0

Fixed

3.0.2