CVE-2023-27523
MEDIUM
Apache Superset <= 2.1.0 - Authenticated Improper Data Authorization in Jinja Templated Queries
Title source: llm
Description
Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to.
References (1)
Core References
Mailing List vendor-advisory
https://lists.apache.org/thread/3y97nmwm956b6zg3l8dh9oj0w7dj945h
Scores
CVSS v3
5.0
EPSS
0.0009
EPSS Percentile
24.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-863
Status
published
Products (2)
apache/superset
< 2.1.0
pypi/apache-superset
0 PyPI
Published
Sep 06, 2023
Tracked Since
Feb 18, 2026