CVE-2024-55633
CVSS V2 None
CVSS V3 None
Description
Improper Authorization vulnerability in Apache Superset. On Postgres analytic databases an attacker with SQLLab access can craft a specially designed SQL DML statement that is Incorrectly identified as a read-only query, enabling its execution. Non postgres analytics database connections and postgres analytics database connections set with a readonly user (advised) are not vulnerable.
This issue affects Apache Superset: before 4.1.0.
Users are recommended to upgrade to version 4.1.0, which fixes the issue.
Overview
- CVE ID
- CVE-2024-55633
- Assigner
- apache
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-12-12T14:36:02.325Z
- Last Modified Date
- 2024-12-12T18:03:30.295Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://lists.apache.org/thread/bwmd17fcvljt9q4cgctp4v09zh3qs7fb | vendor-advisory |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-55633 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-55633 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-12-13 13:19:05 | Added to TrackCVE |