cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-55633,https://securityvulnerability.io/vulnerability/CVE-2024-55633,Incorrectly Identified SQL DML Statement Vulnerability Affects Apache Superset Before 4.1.0,"Improper Authorization vulnerability in Apache Superset. On Postgres analytic databases an attacker with SQLLab access can craft a specially designed SQL DML statement that is Incorrectly identified as a read-only query, enabling its execution. Non postgres analytics database connections and postgres analytics database connections set with a readonly user (advised) are not vulnerable. This issue affects Apache Superset: before 4.1.0. Users are recommended to upgrade to version 4.1.0, which fixes the issue.",Apache,Apache Superset,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-12T14:36:02.325Z,0
CVE-2024-34693,https://securityvulnerability.io/vulnerability/CVE-2024-34693,Improper Input Validation Vulnerability in Apache Superset Allows for File Reading and Insertion,"The vulnerability in Apache Superset, known as CVE-2024-34693, is a high-risk issue that allows an authenticated attacker to create a MariaDB connection with local_infile enabled. This could potentially lead to the execution of MySQL/MariaDB SQL commands to read files from the server and insert them into a MariaDB database table. The affected versions are Apache Superset before 3.1.3 and version 4.0.0. Users are urged to upgrade to version 4.0.1 or 3.1.3 to address this vulnerability. The potential impact of exploitation includes data manipulation and disclosure. It is classified as a high-risk vulnerability and affected systems include Linux and Unix operating systems. The Common Vulnerability Scoring System (CVSS) has given it a Base Score of 8.1. Exploitations have been reported, making it crucial for users to update their systems promptly. The severity of this vulnerability highlights the need for regular monitoring and prompt patching of affected systems.",Apache,Apache Superset,6.8,MEDIUM,0.0004299999854993075,false,,true,false,true,2024-07-28T06:28:11.000Z,true,false,false,,2024-06-20T08:51:55.329Z,0
CVE-2024-28148,https://securityvulnerability.io/vulnerability/CVE-2024-28148,Authenticated User Can Access Metadata for Unauthorized Datasource via Targeted REST API Request,"An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request. This issue affects Apache Superset: before 3.1.2. Users are recommended to upgrade to version 3.1.2 or above, which fixes the issue.",Apache,Apache Superset,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-07T13:33:42.137Z,0
CVE-2024-26016,https://securityvulnerability.io/vulnerability/CVE-2024-26016,"Low Privilege User Can Modify Ownership of Charts and Dashboards, But Data Access Privileges Still Apply","A low privilege authenticated user could import an existing dashboard or chart that they do not have access to and then modify its metadata, thereby gaining ownership of the object. However, it's important to note that access to the analytical data of these charts and dashboards would still be subject to validation based on data access privileges. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1, which fixes the issue.",Apache,Apache Superset,5.4,MEDIUM,0.0012700000079348683,false,,false,false,false,,,false,false,,2024-02-28T11:28:38.319Z,0
CVE-2024-24779,https://securityvulnerability.io/vulnerability/CVE-2024-24779,Virtual Datasets Lead to Unauthorized Data Access in Apache Superset,"Apache Superset with custom roles that include `can write on dataset` and without all data access permissions, allows for users to create virtual datasets to data they don't have access to. These users could then use those virtual datasets to get access to unauthorized data. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.",Apache,Apache Superset,6.5,MEDIUM,0.0010900000343099236,false,,false,false,false,,,false,false,,2024-02-28T11:28:02.395Z,0
CVE-2024-24772,https://securityvulnerability.io/vulnerability/CVE-2024-24772,Arbitrary SQL Statements Could Leak Information from Underlying Analytics Database,"A guest user could exploit a chart data REST API and send arbitrary SQL statements that on error could leak information from the underlying analytics database. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.",Apache,Apache Superset,4.3,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2024-02-28T11:26:45.745Z,0
CVE-2024-24773,https://securityvulnerability.io/vulnerability/CVE-2024-24773,Authenticated Users Can Surpass Data Authorization Scope via Improper Nested SQL Parsing,"Improper parsing of nested SQL statements on SQLLab would allow authenticated users to surpass their data authorization scope. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1, which fixes the issue.",Apache,Apache Superset,6.5,MEDIUM,0.0010900000343099236,false,,false,false,false,,,false,false,,2024-02-28T11:24:58.179Z,0
CVE-2024-27315,https://securityvulnerability.io/vulnerability/CVE-2024-27315,Error in Alerts & Reports May Expose Sensitive Data,"An authenticated user with privileges to create Alerts on Alerts & Reports has the capability to generate a specially crafted SQL statement that triggers an error on the database. This error is not properly handled by Apache Superset and may inadvertently surface in the error log of the Alert exposing possibly sensitive data. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.",Apache,Apache Superset,4.3,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2024-02-28T10:06:48.685Z,0
CVE-2024-23952,https://securityvulnerability.io/vulnerability/CVE-2024-23952,Malicious ZIP Upload Vulnerability Affects Apache Superset,"This is a duplicate for CVE-2023-46104, with correct CVE version ranges for affected Apache Superset. Uncontrolled resource consumption can be triggered by an authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets. This vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1.",Apache,Apache Superset,6.5,MEDIUM,0.0011399999493733048,false,,false,false,false,,,false,false,,2024-02-14T11:09:47.113Z,0
CVE-2023-49657,https://securityvulnerability.io/vulnerability/CVE-2023-49657,Apache Superset: Stored XSS in Dashboard Title and Chart Title,"A stored cross-site scripting (XSS) vulnerability exists in Apache Superset before 3.0.3. An authenticated attacker with create/update permissions on charts or dashboards could store a script or add a specific HTML snippet that would act as a stored XSS. For 2.X versions, users should change their config to include: TALISMAN_CONFIG = { ""content_security_policy"": { ""base-uri"": [""'self'""], ""default-src"": [""'self'""], ""img-src"": [""'self'"", ""blob:"", ""data:""], ""worker-src"": [""'self'"", ""blob:""], ""connect-src"": [ ""'self'"", ""https://api.mapbox.com"", ""https://events.mapbox.com"", ], ""object-src"": ""'none'"", ""style-src"": [ ""'self'"", ""'unsafe-inline'"", ], ""script-src"": [""'self'"", ""'strict-dynamic'""], }, ""content_security_policy_nonce_in"": [""script-src""], ""force_https"": False, ""session_cookie_secure"": False, }",Apache,Apache Superset,5.4,MEDIUM,0.002520000096410513,false,,false,false,false,,,false,false,,2024-01-23T15:06:59.901Z,0
CVE-2023-46104,https://securityvulnerability.io/vulnerability/CVE-2023-46104,Apache Superset: Allows for uncontrolled resource consumption via a ZIP bomb,"Uncontrolled resource consumption can be triggered by an authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets. This vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1.",Apache,Apache Superset,6.5,MEDIUM,0.003229999914765358,false,,false,false,false,,,false,false,,2023-12-19T10:15:00.000Z,0
CVE-2023-49734,https://securityvulnerability.io/vulnerability/CVE-2023-49734,Apache Superset: Privilege Escalation Vulnerability,"An authenticated user in Apache Superset can create a dashboard and inadvertently gain ownership of the associated charts, allowing unauthorized write access to these charts. This issue arises in versions prior to 2.1.2 and from 3.0.0 before 3.0.2, posing a risk to data integrity. Users are advised to upgrade to versions 3.0.2 or 2.1.3 to mitigate this issue.",Apache,Apache Superset,7.7,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-12-19T10:15:00.000Z,0
CVE-2023-49736,https://securityvulnerability.io/vulnerability/CVE-2023-49736,Apache Superset: SQL Injection on where_in JINJA macro,"A where_in JINJA macro allows users to specify a quote, which combined with a carefully crafted statement would allow for SQL injection in Apache Superset. This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2, which fixes the issue.",Apache,Apache Superset,6.5,MEDIUM,0.0016700000269338489,false,,false,false,false,,,false,false,,2023-12-19T10:15:00.000Z,0
CVE-2023-42504,https://securityvulnerability.io/vulnerability/CVE-2023-42504,Apache Superset: Lack of rate limiting allows for possible denial of service,"An authenticated malicious user could initiate multiple concurrent requests, each requesting multiple dashboard exports, leading to a possible denial of service. This issue affects Apache Superset: before 3.0.0.",Apache,Apache Superset,5.8,MEDIUM,0.0007600000244565308,false,,false,false,false,,,false,false,,2023-11-28T18:15:00.000Z,0
CVE-2023-42502,https://securityvulnerability.io/vulnerability/CVE-2023-42502,Apache Superset: Open Redirect Vulnerability,"An authenticated attacker with update datasets permission could change a dataset link to an untrusted site by spoofing the HTTP Host header; users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset versions before 3.0.0.",Apache,Apache Superset,5.4,MEDIUM,0.0008999999845400453,false,,false,false,false,,,false,false,,2023-11-28T17:15:00.000Z,0
CVE-2023-42505,https://securityvulnerability.io/vulnerability/CVE-2023-42505,Apache Superset: Sensitive information disclosure on db connection details,"An authenticated user with read permissions on database connections metadata could potentially access sensitive information such as the connection's username. This issue affects Apache Superset before 3.0.0.",Apache,Apache Superset,4.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-11-28T17:15:00.000Z,0
CVE-2023-40610,https://securityvulnerability.io/vulnerability/CVE-2023-40610,Apache Superset: Privilege escalation with default examples database,"A vulnerability exists in Apache Superset versions up to but not including 2.1.2, where improper authorization checks can allow an attacker to exploit a specially crafted CTE SQL statement. This exploit can lead to unauthorized changes in the metadata database, compromising the integrity of authentication and authorization data. By leveraging the default examples database connection, an attacker could gain access to sensitive schema information, escalating privileges and potentially manipulating critical data without the appropriate permissions.",Apache,Apache Superset,8.8,HIGH,0.00865000020712614,false,,false,false,false,,,false,false,,2023-11-27T11:15:00.000Z,0
CVE-2023-43701,https://securityvulnerability.io/vulnerability/CVE-2023-43701,Apache Superset: Stored XSS on API endpoint,"Improper payload validation and an improper REST API response type made it possible for an authenticated malicious actor to store malicious code into a Chart's metadata; this code could get executed if a user specifically accesses a specific deprecated API endpoint. This issue affects Apache Superset versions prior to 2.1.2. Users are recommended to upgrade to version 2.1.2, which fixes this issue.",Apache,Apache Superset,5.4,MEDIUM,0.004679999779909849,false,,false,false,false,,,false,false,,2023-11-27T11:15:00.000Z,0
CVE-2023-42501,https://securityvulnerability.io/vulnerability/CVE-2023-42501,Apache Superset: Unnecessary read permissions within the Gamma role,"Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations. This issue affects Apache Superset: before 2.1.2. Users should upgrade to version 2.1.2 or above and run `superset init` to reconstruct the Gamma role, or remove the `can_read` permission from the mentioned resources.",Apache,Apache Superset,4.3,MEDIUM,0.0019000000320374966,false,,false,false,false,,,false,false,,2023-11-27T11:15:00.000Z,0
CVE-2023-37941,https://securityvulnerability.io/vulnerability/CVE-2023-37941,Apache Superset: Metadata db write access can lead to remote code execution,"If an attacker gains write access to the Apache Superset metadata database, they could persist a specifically crafted Python object that may lead to remote code execution on Superset's web backend. The Superset metadata db is an 'internal' component that is typically only accessible directly by the system administrator and the superset process itself. Gaining access to that database should be difficult and require significant privileges. This vulnerability impacts Apache Superset versions 1.5.0 up to and including 2.1.0. Users are recommended to upgrade to version 2.1.1 or later.",Apache,Apache Superset,6.6,MEDIUM,0.002300000051036477,false,,false,false,true,2023-05-08T13:55:30.000Z,true,false,false,,2023-09-06T14:15:00.000Z,0
CVE-2023-39265,https://securityvulnerability.io/vulnerability/CVE-2023-39265,Apache Superset: Possible Unauthorized Registration of SQLite Database Connections,"Apache Superset would allow for SQLite database connections to be incorrectly registered when an attacker uses alternative driver names like sqlite+pysqlite or by using database imports. This could allow for unexpected file creation on Superset webservers. Additionally, if Apache Superset is using a SQLite database for its metadata (not advised for production use) it could result in more severe vulnerabilities related to confidentiality and integrity. This vulnerability exists in Apache Superset versions up to and including 2.1.0.",Apache,Apache Superset,3.8,LOW,0.0021100000012665987,false,,false,false,false,,,false,false,,2023-09-06T14:15:00.000Z,0
CVE-2023-32672,https://securityvulnerability.io/vulnerability/CVE-2023-32672,Apache Superset: SQL parser edge case bypasses data access authorization,"An incorrect authorisation check in SQLLab in Apache Superset versions up to and including 2.1.0. This vulnerability allows an authenticated user to query tables that they do not have proper access to within Superset. The vulnerability can be exploited by leveraging a SQL parsing vulnerability.",Apache,Apache Superset,4.3,MEDIUM,0.0013599999947473407,false,,false,false,false,,,false,false,,2023-09-06T14:15:00.000Z,0
CVE-2023-27526,https://securityvulnerability.io/vulnerability/CVE-2023-27526,Apache Superset: Improper Authorization check on import charts,"A non-Admin authenticated user could incorrectly create resources using the import charts feature, on Apache Superset up to and including 2.1.0.",Apache,Apache Superset,4.3,MEDIUM,0.0038799999747425318,false,,false,false,false,,,false,false,,2023-09-06T13:15:00.000Z,0
CVE-2023-36387,https://securityvulnerability.io/vulnerability/CVE-2023-36387,Apache Superset: Improper API permission for low privilege users,"An improper default REST API permission for Gamma users in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test database connections.",Apache,Apache Superset,5.4,MEDIUM,0.002219999907538295,false,,false,false,false,,,false,false,,2023-09-06T13:15:00.000Z,0
CVE-2023-39264,https://securityvulnerability.io/vulnerability/CVE-2023-39264,Apache Superset: Stack traces enabled by default,"By default, stack traces for errors were enabled, which resulted in the exposure of internal traces on REST API endpoints to users. This vulnerability exists in Apache Superset versions up to and including 2.1.0.",Apache,Apache Superset,4.3,MEDIUM,0.0027000000700354576,false,,false,false,false,,,false,false,,2023-09-06T13:15:00.000Z,0