CVE-2023-27523

Severity
4.3 MEDIUM
EPSS
0.1%
top 79.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Sep 6

Description

Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Exploitability: 3.1 | Impact: 1.4

Affected Packages
3 packages

🔴 Vulnerability Details

3
OSV
Apache Superset vulnerable to improper data authorization (2023-09-06)
CVEList
Apache Superset: Improper data permission validation on Jinja templated queries (2023-09-06)
GHSA
Apache Superset vulnerable to improper data authorization (2023-09-06)