oss-sec mailing list archives
CVE-2024-28148: Apache Superset: Incorrect datasource authorization on explore REST API
From: Daniel Gaspar <dpgaspar () apache org>
Date: Tue, 07 May 2024 08:54:03 +0000
Affected versions:

- Apache Superset before 4.0.0

Description:

An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request. This issue affects Apache Superset: before 4.0.0.

Users are recommended to upgrade to version 4.0.0, which fixes the issue.

Credit:

Daniel Pedro Vaz Gaspar (remediation developer)
Krishna Nadh (finder)

References:

https://superset.apache.org
https://www.cve.org/CVERecord?id=CVE-2024-28148
