CVE-2023-27525 LOW

CVE-2023-27525: Apache Superset: Incorrect default permissions for Gamma role

Vendor Apache Software Foundation

Product Apache Superset

Weakness CWE-863 · Incorrect authorization

Published April 17, 2023

Last update October 15, 2024

View on NVD All CVEs

CVSS base score

3.1/10

Attack vector Network

Attack complexity High

Privileges required Low

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

Description

An authenticated user with Gamma role authorization could have access to metadata information using non trivial methods in Apache Superset up to and including 2.0.1

Key dates

Disclosure timeline

April 17, 2023 CVE published

October 15, 2024 Record updated