Vulnerability Database

299,759

Total vulnerabilities in the database

CVE-2023-32672

An Incorrect authorisation check in SQLLab in Apache Superset versions up to and including 2.1.0. This vulnerability allows an authenticated user to query tables that they do not have proper access to within Superset. The vulnerability can be exploited by leveraging a SQL parsing vulnerability.

Published: Sep 6, 2023
Updated: May 10, 2024
CVE: CVE-2023-32672
GHSA: GHSA-95ch-p3gw-23qg
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-863

Affected Software
References

Software	From	Fixed in
apache-superset	-	2.1.0.x
apache / superset	-	2.1.0.x

https://lists.apache.org/thread/ococ6nlj80f0okkwfwpjczy3q84j3wkp

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo