4.3
CVE-2023-42501
- EPSS 0.86%
- Veröffentlicht 27.11.2023 11:15:07
- Zuletzt bearbeitet 13.02.2025 17:17:08
- Quelle security@apache.org
- CVE-Watchlists
- Unerledigt
Apache Superset: Unnecessary read permissions within the Gamma role
Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations. This issue affects Apache Superset: before 2.1.2. Users should upgrade to version or above 2.1.2 and run `superset init` to reconstruct the Gamma role or remove `can_read` permission from the mentioned resources.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.86% | 0.537 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
| security@apache.org | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
CWE-276 Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.
http://www.openwall.com/lists/oss-security/2023/11/27/3
https://lists.apache.org/thread/vk1rmrh9kz0chjmc9tk7o3md6zpz4ygh