CVE-2023-27525: Incorrect Authorization

April 17, 2023 (updated April 27, 2023)

An authenticated user with Gamma role authorization could have access to metadata information using non trivial methods in Apache Superset up to and including 2.0.1

References

github.com/advisories/GHSA-7jhg-8m74-6f6g
lists.apache.org/thread/wpv7b17zjg2pmvpfkdd6nn8sco8y2q77
nvd.nist.gov/vuln/detail/CVE-2023-27525

Detect and mitigate CVE-2023-27525 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →