Authorization bypass in Apache Superset

CVE-2023-49734

An authenticated Gamma user can create a dashboard and add charts to it; that user then automatically becomes one of the owners of those charts, which incorrectly grants them write permissions on charts they did not own. This issue affe…
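The flaw is an ownership-propagation problem: the write check on a chart is ownership based, and the dashboard operation silently widens the chart's owner list. The following is an added illustration (not Apache Superset's code; the User, Chart and Dashboard classes, the role strings and the function names are invented for this example) that models the flawed add-to-dashboard step beside a corrected one and shows how the Gamma user's effective permissions change:

```python
"""Toy model of the ownership-propagation flaw described above.

Added illustration, not Apache Superset's code: the classes, role strings
and function names here are constructed for the example.
"""
from dataclasses import dataclass, field


@dataclass
class User:
    name: str
    role: str  # "Admin" or "Gamma" (Superset's low-privilege role name)


@dataclass
class Chart:
    id: int
    title: str
    owners: set  # names of users allowed to edit the chart


@dataclass
class Dashboard:
    id: int
    owners: set
    chart_ids: set = field(default_factory=set)


def can_edit_chart(user: User, chart: Chart) -> bool:
    """Ownership-based write check: an Admin or a listed owner may edit."""
    return user.role == "Admin" or user.name in chart.owners


def add_chart_vulnerable(user: User, dashboard: Dashboard, chart: Chart) -> None:
    """Flawed behaviour: linking a chart to a dashboard also copies the
    dashboard's owners onto the chart. The dashboard creator thereby becomes
    a chart owner and passes can_edit_chart() for a chart they never owned."""
    dashboard.chart_ids.add(chart.id)
    chart.owners |= dashboard.owners  # the bug: ownership propagation


def add_chart_fixed(user: User, dashboard: Dashboard, chart: Chart) -> None:
    """Hardened behaviour: linking a chart to a dashboard only records the
    relationship; the chart's owner list is never mutated by this operation,
    so write access still requires ownership granted explicitly."""
    dashboard.chart_ids.add(chart.id)


def escalation_demo(add_fn) -> tuple:
    """Run the Gamma-user scenario with the given add function.

    Returns (could_edit_before, could_edit_after) for the Gamma user on a
    chart owned only by an Admin. A True in the second slot is the privilege
    escalation; the sample users and chart are constructed inline."""
    admin = User("alice", "Admin")
    gamma = User("bob", "Gamma")
    chart = Chart(1, "Revenue by region", owners={admin.name})
    dash = Dashboard(10, owners={gamma.name})  # bob created this dashboard
    before = can_edit_chart(gamma, chart)
    add_fn(gamma, dash, chart)
    after = can_edit_chart(gamma, chart)
    return before, after


if __name__ == "__main__":
    print("vulnerable:", escalation_demo(add_chart_vulnerable))  # (False, True)
    print("fixed:     ", escalation_demo(add_chart_fixed))       # (False, False)
```

The practical check this suggests for any ownership-based model: any operation a low-privilege user can trigger must never append to an object's owner list as a side effect; ownership changes should only happen through an explicit, separately authorized edit of that object.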

Vulnerability class: Broken Access Control

EPSS score: 0.009 (56.5th percentile).

CVSS v3 metric

CVSS v3 base score 7.7 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2023-49734?
CVE-2023-49734 is a high-severity vulnerability in Apache Superset, classified under Incorrect Authorization. CVSS score: 7.7/10. Published 2023-12-19.
How severe is CVE-2023-49734?
High severity. CVSS v3 base score is 7.7 out of 10.