CVE-2023-36387

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-36387

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-36387.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-36387

Aliases

Published

2023-09-06T13:15:08.537Z

Modified

2026-03-14T12:09:07.307532Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CVSS Calculator

Summary

[none]

Details

An improper default REST API permission for Gamma users in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test database connections.

References

Affected packages

Git / github.com/apache/superset

Affected ranges

Type

GIT

Repo

https://github.com/apache/superset

Events

Introduced

Last affected

2817aebd69dc7d199ec45d973a2079f35e5658b6

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.1.0"
        }
    ]
}

Affected versions

0.*

0.10.0

0.11.0

0.12.0

0.13.1

0.13.2

0.14.1

0.15.0

0.15.1

0.15.3

0.15.4

0.15.4.1

0.16.0

0.16.1

0.17.0

0.17.1

0.17.2

0.17.3

0.17.4

0.17.5

0.17.6

0.18.2

0.18.3

0.18.4

0.18.5

0.19.1

0.2.1

0.20.1

0.25-fork

0.29.0rc1

0.4.0

0.5.0

0.5.1

0.5.2

0.5.3

0.6.0

0.6.1

0.7.0

0.8.0

0.8.3

0.8.4

0.8.5

0.8.6

0.8.7

0.8.8

0.8.9

0.9.0

0.9.1

2.*

2.1.0

2.1.0rc2

2.1.0rc3

2020.*

2020.51.1

airbnb_prod.*

airbnb_prod.0.10.0.2

airbnb_prod.0.11.0.1

airbnb_prod.0.11.0.2

airbnb_prod.0.11.0.3

airbnb_prod.0.11.0.4

airbnb_prod.0.11.0.5

airbnb_prod.0.11.0.6

airbnb_prod.0.12.0.1

airbnb_prod.0.12.1.0

airbnb_prod.0.13.0.0

airbnb_prod.0.13.0.1

airbnb_prod.0.13.0.2

airbnb_prod.0.13.0.3

airbnb_prod.0.15.0.1

airbnb_prod.0.15.4.1

airbnb_prod.0.15.4.2

airbnb_prod.0.15.5.0

Other

dummy

test_tag

superset-helm-chart-0.*

superset-helm-chart-0.1.0

superset-helm-chart-0.1.1

superset-helm-chart-0.1.2

superset-helm-chart-0.1.3

superset-helm-chart-0.1.4

superset-helm-chart-0.1.5

superset-helm-chart-0.1.6

superset-helm-chart-0.2.0

superset-helm-chart-0.2.1

superset-helm-chart-0.3.0

superset-helm-chart-0.3.1

superset-helm-chart-0.3.10

superset-helm-chart-0.3.11

superset-helm-chart-0.3.12

superset-helm-chart-0.3.2

superset-helm-chart-0.3.3

superset-helm-chart-0.3.4

superset-helm-chart-0.3.5

superset-helm-chart-0.3.6

superset-helm-chart-0.3.7

superset-helm-chart-0.3.8

superset-helm-chart-0.3.9

superset-helm-chart-0.4.0

superset-helm-chart-0.5.0

superset-helm-chart-0.5.1

superset-helm-chart-0.5.10

superset-helm-chart-0.5.2

superset-helm-chart-0.5.3

superset-helm-chart-0.5.4

superset-helm-chart-0.5.5

superset-helm-chart-0.5.6

superset-helm-chart-0.5.7

superset-helm-chart-0.5.8

superset-helm-chart-0.5.9

superset-helm-chart-0.6.0

superset-helm-chart-0.6.1

superset-helm-chart-0.6.2

superset-helm-chart-0.6.3

superset-helm-chart-0.6.4

superset-helm-chart-0.6.5

superset-helm-chart-0.6.6

superset-helm-chart-0.7.0

superset-helm-chart-0.7.1

superset-helm-chart-0.7.2

superset-helm-chart-0.7.3

superset-helm-chart-0.7.4

superset-helm-chart-0.7.6

superset-helm-chart-0.7.7

superset-helm-chart-0.8.0

superset-helm-chart-0.8.1

superset-helm-chart-0.8.2

superset-helm-chart-0.8.3

superset-helm-chart-0.8.4

superset-helm-chart-0.8.5

superset-helm-chart-0.8.6

v2020.*

v2020.51.0

v2021.*

v2021.10.0

v2021.13.0

v2021.15.0

v2021.17.0

v2021.18.0

v2021.19.0

v2021.20.0

v2021.21.0

v2021.22.0

v2021.23.0

v2021.23.1

v2021.24.0

v2021.25.0

v2021.27.0

v2021.27.1

v2021.29.0

v2021.3.0

v2021.31.0

v2021.34.0

v2021.35.0

v2021.36.0

v2021.36.5

v2021.38.0

v2021.40.0

v2021.41.0

v2021.5.0

v2021.5.1

v2021.6.0

v2021.7.0

v2021.8.0

v2021.9.0

v2021.9.4

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-36387.json"