CVE-2024-24779 in Supersetinformazioni

Riassunto

di MITRE • 28/02/2024

Apache Superset with custom roles that include `can write on dataset` and without all data access permissions, allows for users to create virtual datasets to data they don't have access to. These users could then use those virtual datasets to get access to unauthorized data. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.

Users are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Prenotare

30/01/2024

Divulgazione

28/02/2024

Moderazione

accettato

CPE

pronto

EPSS

0.00727

KEV

no

Attività

molto basso

Fonti

Do you want to use VulDB in your project?

Use the official API to access entries easily!