CVE-2023-27523
Apache Superset vulnerable to improper data authorization
5.0 MEDIUM (CVSS 3.1)
EPSS 0.07%
Description
Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to.
How to fix CVE-2023-27523
To remediate CVE-2023-27523, upgrade the affected package to a fixed version listed below.
- Bitnami/superset—upgrade to 2.1.1 or later
- —no fix listed
Is CVE-2023-27523 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 2.1.1
- from 0, <= 2.1.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.0 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N |