An Incorrect authorisation check in SQLLab in Apache Superset versions up to and including 2.1.0. This vulnerability allows an authenticated user to query tables that they do not have proper access to within Superset. The vulnerability can be exploited by leveraging a SQL parsing vulnerability.
Metrics
Affected Vendors & Products
References
History
Thu, 26 Sep 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2023-09-06T13:16:02.396Z
Updated: 2024-09-26T15:52:02.025Z
Reserved: 2023-05-11T14:26:39.767Z
Link: CVE-2023-32672
Vulnrichment
Updated: 2024-08-02T15:25:36.704Z
NVD
Status : Modified
Published: 2023-09-06T14:15:10.297
Modified: 2024-11-21T08:03:49.267
Link: CVE-2023-32672
Redhat
No data.