Improper authorization check and possible privilege escalation on Apache SupersetĀ up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Superset's metadata database, an attacker using a specially crafted CTE SQL statement could change data on the metadata database. This weakness could result on tampering with the authentication/authorization data.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2023-11-27T10:22:41.083Z

Updated: 2024-08-02T18:38:51.121Z

Reserved: 2023-08-17T12:56:13.976Z

Link: CVE-2023-40610

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-11-27T11:15:07.293

Modified: 2024-11-21T08:19:49.407

Link: CVE-2023-40610

cve-icon Redhat

No data.