VYPR
Moderate severityNVD Advisory· Published Nov 27, 2023· Updated Jun 5, 2025

Apache Superset: Unnecessary read permissions within the Gamma role

CVE-2023-42501

Description

Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations. This issue affects Apache Superset: before 2.1.2. Users should upgrade to version or above 2.1.2 and run superset init to reconstruct the Gamma role or remove can_read permission from the mentioned resources.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
apache-supersetPyPI
< 2.1.22.1.2

Affected products

3

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.