CVE-2023-42501

Published: Nov 27, 2023Modified: Feb 13, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations. This issue affects Apache Superset: before 2.1.2. Users should upgrade to version or above 2.1.2 and run `superset init` to reconstruct the Gamma role or remove `can_read` permission from the mentioned resources.

Affected (1)

Products: Apache: Superset

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apache Superset	Before 2.1.1

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (4)

http://www.openwall.com/lists/oss-security/2023/11/27/3

Source: security@apache.org

Mailing List

https://lists.apache.org/thread/vk1rmrh9kz0chjmc9tk7o3md6zpz4ygh

Source: security@apache.org

Mailing List

http://www.openwall.com/lists/oss-security/2023/11/27/3

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

https://lists.apache.org/thread/vk1rmrh9kz0chjmc9tk7o3md6zpz4ygh

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

Timeline

No history available yet.