CVE-2023-27526: Incorrect Authorization

September 6, 2023 (updated September 11, 2023)

A non Admin authenticated user could incorrectly create resources using the import charts feature, on Apache Superset up to and including 2.1.0.

References

github.com/advisories/GHSA-9qc3-p9jq-2x27
lists.apache.org/thread/ndww89yl2jd98lvn23n9cj722lfdg8dv
nvd.nist.gov/vuln/detail/CVE-2023-27526

Detect and mitigate CVE-2023-27526 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →