CVE-2023-27523 MEDIUM

CVE-2023-27523: Apache Superset: Improper data permission validation on Jinja templated queries

Vendor Apache Software Foundation

Product Apache Superset

Weakness CWE-863 · Incorrect authorization

Published September 6, 2023

Last update September 26, 2024

View on NVD All CVEs

CVSS base score

5.0/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

What the vulnerability does

Description

Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to.

Key dates

Disclosure timeline

September 6, 2023 CVE published

September 26, 2024 Record updated