CVE-2024-26016: Apache Superset: Improper authorization validation on dashboards and charts import

Open Source Security

Posted by Daniel Gaspar on Feb 28

Affected versions:

– Apache Superset before 3.0.4
– Apache Superset 3.1.0 before 3.1.1

Description:

A low privilege authenticated user could import an existing dashboard or chart that they do not have access to and then
modify its metadata, thereby gaining ownership of the object. However, it’s important to note that access to the
analytical data of these charts and dashboards would still be subject to validation based on data access…