
CVE-2023-49657 – Apache Superset: Stored XSS in Dashboard Title and Chart Title
https://notcve.org/view.php?id=CVE-2023-49657
23 Jan 2024 — A stored cross-site scripting (XSS) vulnerability exists in Apache Superset before 3.0.3. An authenticated attacker with create/update permissions on charts or dashboards could store a script or add a specific HTML snippet that would act as a stored XSS. For 2.X versions, users should change their config to include: TALISMAN_CONFIG = { "content_security_policy": { "base-uri": ["'self'"], "default-src": ["'self'"], "img-src": ["'self'", "blob:", "data:"], "worker-src": ["'self'", "blob:"], "connect-src": [ "... • https://lists.apache.org/thread/wjyvz8om9nwd396lh0bt156mtwjxpsvx • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-49734 – Apache Superset: Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-49734
19 Dec 2023 — An authenticated Gamma user has the ability to create a dashboard and add charts to it; this user would automatically become one of the owners of the charts, allowing them to incorrectly have write permissions to these charts. This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2 or 2.1.3, which fixes the issue. • http://www.openwall.com/lists/oss-security/2023/12/19/3 • CWE-863: Incorrect Authorization •

CVE-2023-49736 – Apache Superset: SQL Injection on where_in JINJA macro
https://notcve.org/view.php?id=CVE-2023-49736
19 Dec 2023 — A where_in JINJA macro allows users to specify a quote, which combined with a carefully crafted statement would allow for SQL injection in Apache Superset. This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2, which fixes the issue. • http://www.openwall.com/lists/oss-security/2023/12/19/2 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2023-46104 – Apache Superset: Allows for uncontrolled resource consumption via a ZIP bomb
https://notcve.org/view.php?id=CVE-2023-46104
19 Dec 2023 — Uncontrolled resource consumption can be triggered by an authenticated attacker that uploads a malicious ZIP to import databases, dashboards or datasets. This vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1. • http://www.openwall.com/lists/oss-security/2023/12/19/1 • CWE-400: Uncontrolled Resource Consumption •

CVE-2023-42504 – Apache Superset: Lack of rate limiting allows for possible denial of service
https://notcve.org/view.php?id=CVE-2023-42504
28 Nov 2023 — An authenticated malicious user could initiate multiple concurrent requests, each requesting multiple dashboard exports, leading to a possible denial of service. This issue affects Apache Superset: before 3.0.0. • http://www.openwall.com/lists/oss-security/2023/11/28/6 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2023-42505 – Apache Superset: Sensitive information disclosure on db connection details
https://notcve.org/view.php?id=CVE-2023-42505
28 Nov 2023 — An authenticated user with read permissions on database connections metadata could potentially access sensitive information such as the connection's username. This issue affects Apache Superset before 3.0.0. • http://www.openwall.com/lists/oss-security/2023/11/28/5 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2023-42502 – Apache Superset: Open Redirect Vulnerability
https://notcve.org/view.php?id=CVE-2023-42502
28 Nov 2023 — An authenticated attacker with update datasets permission could change a dataset link to an untrusted site by spoofing the HTTP Host header; users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset versions before 3.0.0. • https://lists.apache.org/thread/n8348f194d8o8mln3oxd0s8jdl5bxbmn • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVE-2023-43701 – Apache Superset: Stored XSS on API endpoint
https://notcve.org/view.php?id=CVE-2023-43701
27 Nov 2023 — Improper payload validation and an improper REST API response type made it possible for an authenticated malicious actor to store malicious code in a chart's metadata; this code could be executed if a user specifically accesses a specific deprecated API endpoint. This issue affects Apache Superset versions prior to 2.1.2. Users are recommended to upgrade to version 2.1.2, which fixes this issue. • https://lists.apache.org/thread/4dnr1knk50fw60jxkjgqj228f0xcc892 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-42501 – Apache Superset: Unnecessary read permissions within the Gamma role
https://notcve.org/view.php?id=CVE-2023-42501
27 Nov 2023 — Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations. This issue affects Apache Superset: before 2.1.2. Users should upgrade to version 2.1.2 or above and run `superset init` to reconstruct the Gamma role, or remove the `can_read` permission from the mentioned resources. • http://www.openwall.com/lists/oss-security/2023/11/27/3 • CWE-276: Incorrect Default Permissions •

CVE-2023-40610 – Apache Superset: Privilege escalation with default examples database
https://notcve.org/view.php?id=CVE-2023-40610
27 Nov 2023 — Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Using the default examples database connection, which allows access to both the examples schema and Apache Superset's metadata database, an attacker using a specially crafted CTE SQL statement could change data in the metadata database. This weakness could result in tampering with the authentication/authorization data. • http://www.openwall.com/lists/oss-security/2023/11/27/2 • CWE-863: Incorrect Authorization •