CVE-2023-27525

EUVD-2023-1227
An authenticated user with Gamma role authorization could have access to metadata information using non trivial methods in Apache Superset up to and including 2.0.1
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.1 LOW
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
apacheCNA
3.1 LOW
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
Affected Products (NVD)
VendorProductVersion
apachesuperset
𝑥
≤ 2.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://lists.apache.org/thread/wpv7b17zjg2pmvpfkdd6nn8sco8y2q77
https://lists.apache.org/thread/wpv7b17zjg2pmvpfkdd6nn8sco8y2q77