Superset
CVE-2023-25504
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
A malicious actor who has been authenticated and granted specific permissions in Apache Superset may use the import dataset feature in order to conduct Server-Side Request Forgery attacks and query internal resources on behalf of the server where Superset is deployed. This vulnerability exists in Apache Superset versions up to and including 2.0.1.
AnalysisAI
A malicious actor who has been authenticated and granted specific permissions in Apache Superset may use the import dataset feature in order to conduct Server-Side Request Forgery attacks and query. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Server-Side Request Forgery (SSRF) (CWE-918), which allows attackers to make the server perform requests to unintended internal or external resources. A malicious actor who has been authenticated and granted specific permissions in Apache Superset may use the import dataset feature in order to conduct Server-Side Request Forgery attacks and query internal resources on behalf of the server where Superset is deployed. This vulnerability exists in Apache Superset versions up to and including 2.0.1. Affected products include: Apache Superset.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and allowlist destination URLs, block requests to internal networks, use network segmentation.
Session Validation attacks in Apache Superset versions up to and including 2.0.1. Rated critical severity (CVSS 9.8), th
An SQL Injection vulnerability in Apache Superset exists due to improper neutralization of special elements used in SQL
Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to pos
If an attacker gains write access to the Apache Superset metadata database, they could persist a specifically crafted Py
Apache Superset would allow for SQLite database connections to be incorrectly registered when an attacker uses alternati
Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Rated high
Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests. Rated critical severity (CVSS 9.8),
A where_in JINJA macro allows users to specify a quote, which combined with a carefully crafted statement would allow fo
Apache Superset up to and including 1.3.0 when configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default) allow
While investigating a bug report on Apache Superset, it was determined that an authenticated user could craft requests v
In the course of work on the open source project it was discovered that authenticated users running queries against Hive
Improper Authorization vulnerability in Apache Superset when FAB_ADD_SECURITY_API is enabled (disabled by default). Rate
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today