CVE-2023-32672
MEDIUM
Apache Superset <= 2.1.0 - Authenticated Incorrect Authorization in SQLLab
Title source: llm
Description
An incorrect authorisation check exists in SQLLab in Apache Superset versions up to and including 2.1.0. This vulnerability allows an authenticated user to query tables that they do not have proper access to within Superset. The vulnerability can be exploited by leveraging a SQL parsing vulnerability.
References (1)
Core References
Vendor Advisory
https://lists.apache.org/thread/ococ6nlj80f0okkwfwpjczy3q84j3wkp
Scores
CVSS v3
4.3
EPSS
0.0021
EPSS Percentile
42.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-863
Status
published
Products (2)
apache/superset
< 2.1.0
pypi/apache-superset
0PyPI
Published
Sep 06, 2023
Tracked Since
Feb 18, 2026