Moderate severityNVD Advisory· Published Feb 28, 2024· Updated Feb 13, 2025
Apache Superset: Improper data authorization when creating a new dataset
CVE-2024-24779
Description
Apache Superset with custom roles that include can write on dataset and without all data access permissions, allows for users to create virtual datasets to data they don't have access to. These users could then use those virtual datasets to get access to unauthorized data. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.
Users are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
apache-supersetPyPI | < 3.0.4 | 3.0.4 |
apache-supersetPyPI | >= 3.1.0, < 3.1.1 | 3.1.1 |
Affected products
3- osv-coords2 versions
< 4.1.1+ 1 more
- (no CPE)range: < 4.1.1
- (no CPE)range: < 3.0.4
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-wr6g-9wcr-cmqjghsaADVISORY
- lists.apache.org/thread/xzhz1m5bb9zxhyqgoy4q2d689b3zp4pqghsavendor-advisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2024-24779ghsaADVISORY
- www.openwall.com/lists/oss-security/2024/02/28/6ghsaWEB
News mentions
0No linked articles in our index yet.