A malicious actor who has been authenticated and granted specific permissions in Apache Superset may use the import dataset feature in order to conduct Server-Side Request Forgery attacks and query internal resources on behalf of the server where Superset is deployed. This vulnerability exists in Apache Superset versions up to and including 2.0.1.
History

Mon, 21 Oct 2024 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2023-04-17T16:29:43.729Z

Updated: 2024-10-21T15:07:48.714Z

Reserved: 2023-02-06T21:18:11.420Z

Link: CVE-2023-25504

cve-icon Vulnrichment

Updated: 2024-08-02T11:25:18.492Z

cve-icon NVD

Status : Modified

Published: 2023-04-17T17:15:07.353

Modified: 2024-11-21T07:49:37.743

Link: CVE-2023-25504

cve-icon Redhat

No data.