Vulnerability Database

299,759

Total vulnerabilities in the database

CVE-2023-27523

Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to.

Published: Sep 6, 2023
Updated: May 10, 2024
CVE: CVE-2023-27523
GHSA: GHSA-v594-2c97-hx38
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-863

Affected Software
References

Software	From	Fixed in
apache-superset	-	2.1.0.x
apache / superset	-	2.1.0.x

https://lists.apache.org/thread/3y97nmwm956b6zg3l8dh9oj0w7dj945h

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo