Moderate severityNVD Advisory· Published Nov 27, 2023· Updated Jun 5, 2025
Apache Superset: Unnecessary read permissions within the Gamma role
CVE-2023-42501
Description
Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations. This issue affects Apache Superset: before 2.1.2. Users should upgrade to version or above 2.1.2 and run superset init to reconstruct the Gamma role or remove can_read permission from the mentioned resources.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
apache-supersetPyPI | < 2.1.2 | 2.1.2 |
Affected products
3- osv-coords2 versions
< 2.1.1+ 1 more
- (no CPE)range: < 2.1.1
- (no CPE)range: < 2.1.2
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-vv65-fjfj-4736ghsaADVISORY
- lists.apache.org/thread/vk1rmrh9kz0chjmc9tk7o3md6zpz4yghghsavendor-advisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2023-42501ghsaADVISORY
- www.openwall.com/lists/oss-security/2023/11/27/3ghsaWEB
News mentions
0No linked articles in our index yet.