CVE-2023-42504

An authenticated malicious user could initiate multiple concurrent requests, each requesting multiple dashboard exports, leading to a possible denial of service.

This issue affects Apache Superset: before 3.0.0
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.8 MEDIUM
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
apacheCNA
5.8 MEDIUM
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
VendorProductVersion
apachesuperset
𝑥
< 3.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2023/11/28/6
https://lists.apache.org/thread/yzq5gk1y9lyw6nxwd3xdkxg1djqw1h6l
http://www.openwall.com/lists/oss-security/2023/11/28/6
https://lists.apache.org/thread/yzq5gk1y9lyw6nxwd3xdkxg1djqw1h6l