Moderate severityNVD Advisory· Published May 7, 2024· Updated Aug 2, 2024
Apache Superset: Incorrect datasource authorization on explore REST API
CVE-2024-28148
Description
An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request.This issue affects Apache Superset: before 3.1.2.
Users are recommended to upgrade to version 3.1.2 or above, which fixes the issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
apache-supersetPyPI | < 3.1.2 | 3.1.2 |
Affected products
3- osv-coords2 versions
< 4.1.1+ 1 more
- (no CPE)range: < 4.1.1
- (no CPE)range: < 3.1.2
Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-299q-3p96-5898ghsaADVISORY
- lists.apache.org/thread/n27wlbd05oc6bgjh28d5pxzsrrph8dgoghsavendor-advisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2024-28148ghsaADVISORY
News mentions
0No linked articles in our index yet.