An Incorrect authorisation check in SQLLab in Apache Superset versions up to and including 2.1.0. This vulnerability allows an authenticated user to query tables that they do not have proper access to within Superset. The vulnerability can be exploited by leveraging a SQL parsing vulnerability.
History

Thu, 26 Sep 2024 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2023-09-06T13:16:02.396Z

Updated: 2024-09-26T15:52:02.025Z

Reserved: 2023-05-11T14:26:39.767Z

Link: CVE-2023-32672

cve-icon Vulnrichment

Updated: 2024-08-02T15:25:36.704Z

cve-icon NVD

Status : Modified

Published: 2023-09-06T14:15:10.297

Modified: 2024-11-21T08:03:49.267

Link: CVE-2023-32672

cve-icon Redhat

No data.