CVE-2023-42501
published 2023-11-27
medium 4.3 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations.
This issue affects Apache Superset: before 2.1.2.
Users should upgrade to version 2.1.2 or above and run `superset init` to reconstruct the Gamma role or remove the `can_read` permission from the mentioned resources.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | superset | < 2.1.1 | 2.1.1 |
| apache_software_foundation | apache_superset | < 2.1.2 | 2.1.2 |