CVE-2024-24779: Apache Superset: Improper data authorization when creating a new dataset

CVE-2024-24779: Apache Superset: Improper data authorization when creating a new dataset

Open Source Security [[{„value“:“

Posted by Daniel Gaspar on Feb 28

Affected versions:

– Apache Superset before 3.0.4
– Apache Superset 3.1.0 before 3.1.1

Description:

Apache Superset with custom roles that include `can write on dataset` and without all data access permissions, allows
for users to create virtual datasets to data they don’t have access to. These users could then use those virtual
datasets to get access to unauthorized data.
This issue affects Apache Superset: before 3.0.4, from 3.1.0…
„}]] Read More 

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert