CVE-2023-36388: Server-Side Request Forgery (SSRF)

September 6, 2023 (updated September 11, 2023)

Improper REST API permission in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma users to test network connections, possible SSRF.

References

github.com/advisories/GHSA-4fg9-5w46-xmrj
lists.apache.org/thread/ccmjjz4jp17yc2kcd18qshmdtf7qorfs
nvd.nist.gov/vuln/detail/CVE-2023-36388

Detect and mitigate CVE-2023-36388 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →