CVE-2023-49734

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-49734

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-49734.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-49734

Aliases

Published

2023-12-19T10:15:08Z

Modified

2025-02-13T18:15:45Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

An authenticated Gamma user has the ability to create a dashboard and add charts to it, this user would automatically become one of the owners of the charts allowing him to incorrectly have write permissions to these charts.This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2.

Users are recommended to upgrade to version 3.0.2 or 2.1.3, which fixes the issue.

References

Affected packages

Git / github.com/apache/incubator-superset

Affected ranges

Type: GIT
Repo: https://github.com/apache/incubator-superset
Events: Introduced

40d9c4c81fff257ddb6c52f3be9a4794903f4d0f

Fixed

961eba6d9707c8f1b1588fe3e2bf602ef2d1a4da

Type: GIT
Repo: https://github.com/apache/superset
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

840b4869067f05b71e70a9d4e1b6e4269c8f7b12