An Incorrect authorisation check in SQLLab in Apache Superset versions up to and including 2.1.0. This vulnerability allows an authenticated user to query tables that they do not have proper access to within Superset. The vulnerability can be exploited by leveraging a SQL parsing vulnerability.

Affected Packages

PyPI apache-superset

Affected versions: 0 (last affected: 2.1.0)

Related CVEs

CVE-2023-32672

Key Information

GHSA ID

GHSA-95ch-p3gw-23qg

Published

September 6, 2023 3:30 PM

Last Modified

September 7, 2023 1:59 PM

CVSS Score

5.0 /10

Primary Ecosystem

PyPI

Primary Package

apache-superset

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 27, 2025 6:35 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.