CVE-2023-32672
Apache Superset has incorrect authorization check
4.3
MEDIUM
CVSS 3.1
EPSS 0.17%
Description
An incorrect authorisation check exists in SQL Lab in Apache Superset versions up to and including 2.1.0. This vulnerability allows an authenticated user to query tables that they do not have proper access to within Superset. The vulnerability can be exploited by leveraging a SQL parsing vulnerability.
How to fix CVE-2023-32672
To remediate CVE-2023-32672, upgrade the affected package to a fixed version below.
- upgrade to 2.1.1 or later
- no fix listed
Is CVE-2023-32672 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 2.1.1
- from 0, <= 2.1.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM (4.3) | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |