CVE-2024-26016

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-26016

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-26016.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-26016

Aliases

Published

2024-02-28T12:15:47.850Z

Modified

2026-04-10T05:10:50.885270Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A low privilege authenticated user could import an existing dashboard or chart that they do not have access to and then modify its metadata, thereby gaining ownership of the object. However, it's important to note that access to the analytical data of these charts and dashboards would still be subject to validation based on data access privileges.

This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.Users are recommended to upgrade to version 3.1.1, which fixes the issue.

References

Affected packages

Git / github.com/apache/superset

Affected ranges

Type

GIT

Repo

https://github.com/apache/superset

Events

Introduced

Fixed

7f0decb259241f932cb940da454b174b735272ab

Introduced

0cd2431989f2d0182c02f33c88a5dc9645403980

Fixed

49fee6c776fb742acf6a9a5c59ee2cf8d257f89b

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.0.4"
        },
        {
            "introduced": "3.1.0"
        },
        {
            "fixed": "3.1.1"
        }
    ]
}

Affected versions

0.*

0.10.0

0.11.0

0.12.0

0.13.1

0.13.2

0.14.1

0.15.0

0.15.1

0.15.3

0.15.4

0.15.4.1

0.16.0

0.16.1

0.17.0

0.17.1

0.17.2

0.17.3

0.17.4

0.17.5

0.17.6

0.18.2

0.18.3

0.18.4

0.18.5

0.19.1

0.2.1

0.20.1

0.25-fork

0.29.0rc1

0.4.0

0.5.0

0.5.1

0.5.2

0.5.3

0.6.0

0.6.1

0.7.0

0.8.0

0.8.3

0.8.4

0.8.5

0.8.6

0.8.7

0.8.8

0.8.9

0.9.0

0.9.1

2020.*

2020.51.1

3.*

3.0.0

3.0.0rc1

3.0.0rc2

3.0.0rc3

3.0.0rc4

3.0.1

3.0.1rc1

3.0.1rc2

3.0.2

3.0.2rc1

3.0.2rc2

3.0.3

3.0.3rc1

3.0.3rc2

3.0.3rc3

3.1.0rc1

3.1.0rc2

3.1.0rc3

3.1.0rc4

3.1.1rc1

airbnb_prod.*

airbnb_prod.0.10.0.2

airbnb_prod.0.11.0.1

airbnb_prod.0.11.0.2

airbnb_prod.0.11.0.3

airbnb_prod.0.11.0.4

airbnb_prod.0.11.0.5

airbnb_prod.0.11.0.6

airbnb_prod.0.12.0.1

airbnb_prod.0.12.1.0

airbnb_prod.0.13.0.0

airbnb_prod.0.13.0.1

airbnb_prod.0.13.0.2

airbnb_prod.0.13.0.3

airbnb_prod.0.15.0.1

airbnb_prod.0.15.4.1

airbnb_prod.0.15.4.2

airbnb_prod.0.15.5.0

Other

dummy

test_tag

superset-helm-chart-0.*

superset-helm-chart-0.1.0

superset-helm-chart-0.1.1

superset-helm-chart-0.1.2

superset-helm-chart-0.1.3

superset-helm-chart-0.1.4

superset-helm-chart-0.1.5

superset-helm-chart-0.1.6

superset-helm-chart-0.10.0

superset-helm-chart-0.10.1

superset-helm-chart-0.10.10

superset-helm-chart-0.10.11

superset-helm-chart-0.10.12

superset-helm-chart-0.10.13

superset-helm-chart-0.10.14

superset-helm-chart-0.10.15

superset-helm-chart-0.10.2

superset-helm-chart-0.10.3

superset-helm-chart-0.10.4

superset-helm-chart-0.10.5

superset-helm-chart-0.10.6

superset-helm-chart-0.10.7

superset-helm-chart-0.10.8

superset-helm-chart-0.10.9

superset-helm-chart-0.2.0

superset-helm-chart-0.2.1

superset-helm-chart-0.3.0

superset-helm-chart-0.3.1

superset-helm-chart-0.3.10

superset-helm-chart-0.3.11

superset-helm-chart-0.3.12

superset-helm-chart-0.3.2

superset-helm-chart-0.3.3

superset-helm-chart-0.3.4

superset-helm-chart-0.3.5

superset-helm-chart-0.3.6

superset-helm-chart-0.3.7

superset-helm-chart-0.3.8

superset-helm-chart-0.3.9

superset-helm-chart-0.4.0

superset-helm-chart-0.5.0

superset-helm-chart-0.5.1

superset-helm-chart-0.5.10

superset-helm-chart-0.5.2

superset-helm-chart-0.5.3

superset-helm-chart-0.5.4

superset-helm-chart-0.5.5

superset-helm-chart-0.5.6

superset-helm-chart-0.5.7

superset-helm-chart-0.5.8

superset-helm-chart-0.5.9

superset-helm-chart-0.6.0

superset-helm-chart-0.6.1

superset-helm-chart-0.6.2

superset-helm-chart-0.6.3

superset-helm-chart-0.6.4

superset-helm-chart-0.6.5

superset-helm-chart-0.6.6

superset-helm-chart-0.7.0

superset-helm-chart-0.7.1

superset-helm-chart-0.7.2

superset-helm-chart-0.7.3

superset-helm-chart-0.7.4

superset-helm-chart-0.7.6

superset-helm-chart-0.7.7

superset-helm-chart-0.8.0

superset-helm-chart-0.8.1

superset-helm-chart-0.8.10

superset-helm-chart-0.8.2

superset-helm-chart-0.8.3

superset-helm-chart-0.8.4

superset-helm-chart-0.8.5

superset-helm-chart-0.8.6

superset-helm-chart-0.8.7

superset-helm-chart-0.8.8

superset-helm-chart-0.8.9

superset-helm-chart-0.9.0

superset-helm-chart-0.9.1

superset-helm-chart-0.9.2

superset-helm-chart-0.9.3

superset-helm-chart-0.9.4

v2020.*

v2020.51.0

v2021.*

v2021.10.0

v2021.13.0

v2021.15.0

v2021.17.0

v2021.18.0

v2021.19.0

v2021.20.0

v2021.21.0

v2021.22.0

v2021.23.0

v2021.23.1

v2021.24.0

v2021.25.0

v2021.27.0

v2021.27.1

v2021.29.0

v2021.3.0

v2021.31.0

v2021.34.0

v2021.35.0

v2021.36.0

v2021.36.5

v2021.38.0

v2021.40.0

v2021.41.0

v2021.5.0

v2021.5.1

v2021.6.0

v2021.7.0

v2021.8.0

v2021.9.0

v2021.9.4

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-26016.json"