CVE-2023-42501: Incorrect Default Permissions
(updated )
Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations.
This issue affects Apache Superset: before 2.1.2.
Users should upgrade to version or above 2.1.2 and run superset init
to reconstruct the Gamma role or remove can_read
permission from the mentioned resources.
References
Detect and mitigate CVE-2023-42501 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →