CVE-2023-42501

medium

Description

Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations. This issue affects Apache Superset: before 2.1.2. Users should upgrade to version or above 2.1.2 and run `superset init` to reconstruct the Gamma role or remove `can_read` permission from the mentioned resources.

References

https://lists.apache.org/thread/vk1rmrh9kz0chjmc9tk7o3md6zpz4ygh

http://www.openwall.com/lists/oss-security/2023/11/27/3

Details

Source: Mitre, NVD

Published: 2023-11-27

Updated: 2025-02-13

Named Vulnerability: Incorrect Default Permissions

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 4.3

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.00201