VDB
KO
MEDIUM 4.3

PYSEC-2026-1188

Apache Superset has Incorrect Default Permissions

Details

Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations. This issue affects Apache Superset: before 2.1.2. Users should upgrade to version or above 2.1.2 and run `superset init` to reconstruct the Gamma role or remove `can_read` permission from the mentioned resources.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / apache-superset
Introduced in: 0 Fixed in: 2.1.2
Fix pip install --upgrade 'apache-superset>=2.1.2'

References