{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-41703", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2022-09-28T15:13:03.943Z", "datePublished": "2023-01-16T10:14:01.332Z", "dateUpdated": "2025-04-08T20:33:49.417Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache Superset", "vendor": "Apache Software Foundation", "versions": [{"lessThan": "2.0.1", "status": "affected", "version": "2.0.0", "versionType": "semver"}, {"lessThanOrEqual": "1.5.2", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Mingyu Son"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A vulnerability in the SQL Alchemy connector of Apache Superset allows an authenticated user with read access to a specific database to add subqueries to the WHERE and HAVING fields referencing tables on the same database that the user should not have access to, despite the user having the feature flag \"ALLOW_ADHOC_SUBQUERY\" disabled (default value).  <span style=\"background-color: rgb(255, 255, 255);\">This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.\n</span><br><br>"}], "value": "A vulnerability in the SQL Alchemy connector of Apache Superset allows an authenticated user with read access to a specific database to add subqueries to the WHERE and HAVING fields referencing tables on the same database that the user should not have access to, despite the user having the feature flag \"ALLOW_ADHOC_SUBQUERY\" disabled (default value).  This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.\n\n\n"}], "metrics": [{"other": {"content": {"text": "critical"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"description": "SQL injection in certain query object fields", "lang": "en"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-04-11T14:58:51.125Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/g7jjw0okxjk5y57pbbxy19ydw42kqcos"}], "source": {"discovery": "UNKNOWN"}, "title": "Apache Superset: SQL injection vulnerability in adhoc clauses", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:49:43.809Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.apache.org/thread/g7jjw0okxjk5y57pbbxy19ydw42kqcos"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-04-08T20:32:13.091581Z", "id": "CVE-2022-41703", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-08T20:33:49.417Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.apache.org/thread/g7jjw0okxjk5y57pbbxy19ydw42kqcos", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:49:43.809Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-41703", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-08T20:32:13.091581Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-08T20:33:19.406Z"}}], "cna": {"title": "Apache Superset: SQL injection vulnerability in adhoc clauses", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Mingyu Son"}], "metrics": [{"other": {"type": "Textual description of severity", "content": {"text": "critical"}}}], "affected": [{"vendor": "Apache Software Foundation", "product": "Apache Superset", "versions": [{"status": "affected", "version": "2.0.0", "lessThan": "2.0.1", "versionType": "semver"}, {"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.5.2"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://lists.apache.org/thread/g7jjw0okxjk5y57pbbxy19ydw42kqcos", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the SQL Alchemy connector of Apache Superset allows an authenticated user with read access to a specific database to add subqueries to the WHERE and HAVING fields referencing tables on the same database that the user should not have access to, despite the user having the feature flag \"ALLOW_ADHOC_SUBQUERY\" disabled (default value).  This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.\n\n\n", "supportingMedia": [{"type": "text/html", "value": "A vulnerability in the SQL Alchemy connector of Apache Superset allows an authenticated user with read access to a specific database to add subqueries to the WHERE and HAVING fields referencing tables on the same database that the user should not have access to, despite the user having the feature flag \"ALLOW_ADHOC_SUBQUERY\" disabled (default value).  <span style=\"background-color: rgb(255, 255, 255);\">This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.\n</span><br><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "SQL injection in certain query object fields"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-04-11T14:58:51.125Z"}}}, "cveMetadata": {"cveId": "CVE-2022-41703", "state": "PUBLISHED", "dateUpdated": "2025-04-08T20:33:49.417Z", "dateReserved": "2022-09-28T15:13:03.943Z", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "datePublished": "2023-01-16T10:14:01.332Z", "assignerShortName": "apache"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*", "matchCriteriaId": "CD514249-ED9E-45F1-9D50-4A7CE6DB166B", "versionEndIncluding": "1.5.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:superset:2.0.0:-:*:*:*:*:*:*", "matchCriteriaId": "35CD3C6F-B3E0-437C-A1D7-EF700C76923C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:superset:2.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "ADD3485B-3FFC-4B60-89F5-E4ECA0C680B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:superset:2.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "BC060A49-79ED-4539-9E68-EDB15D7F2445", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the SQL Alchemy connector of Apache Superset allows an authenticated user with read access to a specific database to add subqueries to the WHERE and HAVING fields referencing tables on the same database that the user should not have access to, despite the user having the feature flag \"ALLOW_ADHOC_SUBQUERY\" disabled (default value).  This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.\n\n\n"}, {"lang": "es", "value": "Una vulnerabilidad en el conector SQL Alchemy de Apache Superset permite a un usuario autenticado con acceso de lectura a una base de datos espec\u00edfica agregar subconsultas a los campos WHERE y HAVING que hacen referencia a tablas en la misma base de datos a la que el usuario no deber\u00eda tener acceso, a pesar de que el usuario tiene la indicador de funci\u00f3n \"ALLOW_ADHOC_SUBQUERY\" deshabilitado (valor predeterminado). Este problema afecta a Apache Superset versi\u00f3n 1.5.2 y versiones anteriores y a la versi\u00f3n 2.0.0."}], "id": "CVE-2022-41703", "lastModified": "2025-04-08T21:15:44.640", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-01-16T11:15:10.303", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.apache.org/thread/g7jjw0okxjk5y57pbbxy19ydw42kqcos"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.apache.org/thread/g7jjw0okxjk5y57pbbxy19ydw42kqcos"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}