CVE-2024-53949

CVSS V2 None CVSS V3 None
Description
Improper Authorization vulnerability in Apache Superset when FAB_ADD_SECURITY_API is enabled (disabled by default). Allows for lower privilege users to use this API.  issue affects Apache Superset: from 2.0.0 before 4.1.0. Users are recommended to upgrade to version 4.1.0, which fixes the issue.
Overview
  • CVE ID
  • CVE-2024-53949
  • Assigner
  • apache
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-12-09T13:35:41.530Z
  • Last Modified Date
  • 2024-12-09T18:03:43.157Z
References
Reference URL Reference Tags
https://lists.apache.org/thread/d3scbwmfpzbpm6npnzdw5y4owtqqyq8d vendor-advisory
History
Created Old Value New Value Data Type Notes
2024-12-10 14:01:07 Added to TrackCVE