CVE-2023-27525

An authenticated user with Gamma role authorization could have access to metadata information using non trivial methods in Apache Superset up to and including 2.0.1
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.1 LOW
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
apacheCNA
3.1 LOW
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
VendorProductVersion
apachesuperset
𝑥
≤ 2.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://lists.apache.org/thread/wpv7b17zjg2pmvpfkdd6nn8sco8y2q77
https://lists.apache.org/thread/wpv7b17zjg2pmvpfkdd6nn8sco8y2q77