CVE-2023-36388 MEDIUM

CVE-2023-36388: Apache Superset: Improper API permission for low privilege users allows for SSRF

Vendor Apache Software Foundation

Product Apache Superset

Weakness CWE-918 · SSRF

Published September 6, 2023

Last update September 26, 2024

View on NVD All CVEs

CVSS base score

4.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

Description

Improper REST API permission in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma users to test network connections, possible SSRF.

Key dates

Disclosure timeline

September 6, 2023 CVE published

September 26, 2024 Record updated