CVE-2024-28148

May 7, 2024, 8:07 p.m.

Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.

Products

Apache Superset

  • before 4.0.0

Source

security@apache.org

CVE-2024-28148 details

Published : May 7, 2024, 2:15 p.m.
Last Modified : May 7, 2024, 8:07 p.m.

Description

An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request. This issue affects Apache Superset: before 4.0.0. Users are recommended to upgrade to version 4.0.0, which fixes the issue.

CVSS Score

4.3

Weakness

Weakness Name Description

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

Base Score

4.3

Exploitability Score

Impact Score

Base Severity

MEDIUM

References

URL Source
https://lists.apache.org/thread/n27wlbd05oc6bgjh28d5pxzsrrph8dgo security@apache.org