Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2024-53949

UNKNOWN
Published 2024-12-09T13:35:41.530Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2024-53949. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

Improper Authorization vulnerability in Apache Superset when FAB_ADD_SECURITY_API is enabled (disabled by default). Allows for lower privilege users to use this API.

 issue affects Apache Superset: from 2.0.0 before 4.1.0.

Users are recommended to upgrade to version 4.1.0, which fixes the issue.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Apache Software Foundation

Apache Superset

Affected Versions:

2.0.0
apache

superset

Affected Versions:

2.0.0

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed HIGH

Apache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled

GHSA-35fc-9hrj-3585

Advisory Details

Improper Authorization vulnerability in Apache Superset when FAB_ADD_SECURITY_API is enabled (disabled by default). Allows for lower privilege users to use this API.  issue affects Apache Superset: from 2.0.0 before 4.1.0. Users are recommended to upgrade to version 4.1.0, which fixes the issue.

Affected Packages

PyPI apache-superset
ECOSYSTEM: ≥2.0.0 <4.1.0

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-53949
WEB https://github.com/apache/superset/commit/7650c47e72f28559e91524f5d68d50c2060df4c7
PACKAGE https://github.com/apache/superset
WEB https://lists.apache.org/thread/d3scbwmfpzbpm6npnzdw5y4owtqqyq8d
WEB http://www.openwall.com/lists/oss-security/2024/12/09/4

Advisory provided by GitHub Security Advisory Database. Published: December 9, 2024, Modified: February 12, 2025

References

https://lists.apache.org/thread/d3scbwmfpzbpm6npnzdw5y4owtqqyq8d
Published: 2024-12-09T13:35:41.530Z
Last Modified: 2025-02-12T09:34:57.804Z
Copied to clipboard!