CVE-2023-36387: Apache Superset has improper default REST API permission for Gamma users
Severity: 5.4 MEDIUM (CVSS 3.1) | EPSS 0.02%
Description
An improper default REST API permission for Gamma users in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test database connections.
How to fix CVE-2023-36387
To remediate CVE-2023-36387, upgrade the affected package to a fixed version listed below.
- Bitnami/superset: upgrade to 2.1.1 or later
- (package not named in source): no fix listed
Is CVE-2023-36387 being exploited?
Low: EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 2.1.1
- from 0, <= 2.1.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM (5.4) | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L |