CVE-2024-53949
published 2024-12-09CVE-2024-53949: Improper Authorization vulnerability in Apache Superset when FAB_ADD_SECURITY_API is enabled (disabled by default). Allows for lower privilege users to use…
high7.6CVSS 4.0
AVNACLATPPRLUINVCHVIHVANSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
Improper Authorization vulnerability in Apache Superset when FAB_ADD_SECURITY_API is enabled (disabled by default). Allows for lower privilege users to use this API.
issue affects Apache Superset: from 2.0.0 before 4.1.0.
Users are recommended to upgrade to version 4.1.0, which fixes the issue.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | superset | >= 2.0.0 < 4.1.0 | 4.1.0 |
| apache_software_foundation | apache_superset | >= 2.0.0 < 4.1.0 | 4.1.0 |