MEDIUM 4.3
PYSEC-2026-1188
Apache Superset has Incorrect Default Permissions
상세
Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations. This issue affects Apache Superset: before 2.1.2. Users should upgrade to version or above 2.1.2 and run `superset init` to reconstruct the Gamma role or remove `can_read` permission from the mentioned resources.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
참고
- https://nvd.nist.gov/vuln/detail/CVE-2023-42501 [ADVISORY]
- https://github.com/apache/superset [PACKAGE]
- https://lists.apache.org/thread/vk1rmrh9kz0chjmc9tk7o3md6zpz4ygh [WEB]
- http://www.openwall.com/lists/oss-security/2023/11/27/3 [WEB]
- https://pypi.org/project/apache-superset [PACKAGE]
- https://github.com/advisories/GHSA-vv65-fjfj-4736 [ADVISORY]