CVE-2024-28148: Apache Superset Incorrect Authorization vulnerability

May 7, 2024

An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request. This issue affects Apache Superset before 4.0.0.

Users are recommended to upgrade to version 4.0.0, which fixes the issue.

References

github.com/advisories/GHSA-299q-3p96-5898
github.com/apache/superset
lists.apache.org/thread/n27wlbd05oc6bgjh28d5pxzsrrph8dgo
nvd.nist.gov/vuln/detail/CVE-2024-28148

Detect and mitigate CVE-2024-28148 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →