Vulnerability-Lookup

CVE-2023-43701 (GCVE-0-2023-43701)

Vulnerability from cvelistv5 – Published: 2023-11-27 10:52 – Updated: 2024-08-02 19:44

Title

Apache Superset: Stored XSS on API endpoint

Summary

Improper payload validation and an improper REST API response type, made it possible for an authenticated malicious actor to store malicious code into Chart's metadata, this code could get executed if a user specifically accesses a specific deprecated API endpoint. This issue affects Apache Superset versions prior to 2.1.2. Users are recommended to upgrade to version 2.1.2, which fixes this issue.

Severity ?

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

apache

References

URL

Tags

	https://lists.apache.org/thread/4dnr1knk50fw60jxk…	vendor-advisory
	https://www.openwall.com/lists/oss-security/2023/…

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache Superset	Affected: 0 , < 2.1.2 (semver)

Credits

Amit Laish – GE Vernova

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:44:43.832Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/4dnr1knk50fw60jxkjgqj228f0xcc892"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2023/11/27/4"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache Superset",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "2.1.2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Amit Laish \u2013 GE Vernova"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper payload validation and an improper REST API response type, made it possible for an authenticated malicious actor to store malicious code into Chart\u0027s metadata, this code could get executed if a user specifically accesses a specific deprecated API endpoint.\u0026nbsp;This issue affects Apache Superset versions prior to 2.1.2.\u0026nbsp;\u003cbr\u003eUsers are recommended to upgrade to version 2.1.2, which fixes this issue."
            }
          ],
          "value": "Improper payload validation and an improper REST API response type, made it possible for an authenticated malicious actor to store malicious code into Chart\u0027s metadata, this code could get executed if a user specifically accesses a specific deprecated API endpoint.\u00a0This issue affects Apache Superset versions prior to 2.1.2.\u00a0\nUsers are recommended to upgrade to version 2.1.2, which fixes this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-27T14:46:15.673Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/4dnr1knk50fw60jxkjgqj228f0xcc892"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2023/11/27/4"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache Superset: Stored XSS on API endpoint",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2023-43701",
    "datePublished": "2023-11-27T10:52:09.754Z",
    "dateReserved": "2023-09-21T11:46:12.851Z",
    "dateUpdated": "2024-08-02T19:44:43.832Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.1.2\", \"matchCriteriaId\": \"15732220-B366-4C92-A7D6-8C5DF4C9CA20\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Improper payload validation and an improper REST API response type, made it possible for an authenticated malicious actor to store malicious code into Chart\u0027s metadata, this code could get executed if a user specifically accesses a specific deprecated API endpoint.\\u00a0This issue affects Apache Superset versions prior to 2.1.2.\\u00a0\\nUsers are recommended to upgrade to version 2.1.2, which fixes this issue.\"}, {\"lang\": \"es\", \"value\": \"Una validaci\\u00f3n de payload inadecuado y un tipo de respuesta de API REST inadecuado hicieron posible que un actor malicioso autenticado almacenara c\\u00f3digo malicioso en los metadatos de Chart; este c\\u00f3digo podr\\u00eda ejecutarse si un usuario accede espec\\u00edficamente a un endpoint de API obsoleto espec\\u00edfico. Este problema afecta a las versiones de Apache Superset anteriores a la 2.1.2. Se recomienda a los usuarios actualizar a la versi\\u00f3n 2.1.2, que soluciona este problema.\"}]",
      "id": "CVE-2023-43701",
      "lastModified": "2024-11-21T08:24:36.127",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security@apache.org\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 1.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 5.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 2.7}]}",
      "published": "2023-11-27T11:15:07.950",
      "references": "[{\"url\": \"https://lists.apache.org/thread/4dnr1knk50fw60jxkjgqj228f0xcc892\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://www.openwall.com/lists/oss-security/2023/11/27/4\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread/4dnr1knk50fw60jxkjgqj228f0xcc892\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://www.openwall.com/lists/oss-security/2023/11/27/4\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}]",
      "sourceIdentifier": "security@apache.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security@apache.org\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-43701\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2023-11-27T11:15:07.950\",\"lastModified\":\"2024-11-21T08:24:36.127\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper payload validation and an improper REST API response type, made it possible for an authenticated malicious actor to store malicious code into Chart\u0027s metadata, this code could get executed if a user specifically accesses a specific deprecated API endpoint.\u00a0This issue affects Apache Superset versions prior to 2.1.2.\u00a0\\nUsers are recommended to upgrade to version 2.1.2, which fixes this issue.\"},{\"lang\":\"es\",\"value\":\"Una validaci\u00f3n de payload inadecuado y un tipo de respuesta de API REST inadecuado hicieron posible que un actor malicioso autenticado almacenara c\u00f3digo malicioso en los metadatos de Chart; este c\u00f3digo podr\u00eda ejecutarse si un usuario accede espec\u00edficamente a un endpoint de API obsoleto espec\u00edfico. Este problema afecta a las versiones de Apache Superset anteriores a la 2.1.2. Se recomienda a los usuarios actualizar a la versi\u00f3n 2.1.2, que soluciona este problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.1.2\",\"matchCriteriaId\":\"15732220-B366-4C92-A7D6-8C5DF4C9CA20\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/4dnr1knk50fw60jxkjgqj228f0xcc892\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2023/11/27/4\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread/4dnr1knk50fw60jxkjgqj228f0xcc892\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2023/11/27/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]}]}}"
  }
}

bit-superset-2023-43701

Vulnerability from bitnami_vulndb

Published

2025-02-05 07:27

Modified

2025-05-20 10:02

Summary

Apache Superset: Stored XSS on API endpoint

Details

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Bitnami",
        "name": "superset",
        "purl": "pkg:bitnami/superset"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.1.2"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "severity": [
        {
          "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "type": "CVSS_V3"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-43701"
  ],
  "database_specific": {
    "cpes": [
      "cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
  },
  "details": "Improper payload validation and an improper REST API response type, made it possible for an authenticated malicious actor to store malicious code into Chart\u0027s metadata, this code could get executed if a user specifically accesses a specific deprecated API endpoint.\u00a0This issue affects Apache Superset versions prior to 2.1.2.\u00a0\nUsers are recommended to upgrade to version 2.1.2, which fixes this issue.",
  "id": "BIT-superset-2023-43701",
  "modified": "2025-05-20T10:02:07.006Z",
  "published": "2025-02-05T07:27:04.308Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/4dnr1knk50fw60jxkjgqj228f0xcc892"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2023/11/27/4"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43701"
    }
  ],
  "schema_version": "1.5.0",
  "summary": "Apache Superset: Stored XSS on API endpoint"
}

GSD-2023-43701

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-43701

Aliases

CVE-2023-43701

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-43701",
    "id": "GSD-2023-43701"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-43701"
      ],
      "details": "Improper payload validation and an improper REST API response type, made it possible for an authenticated malicious actor to store malicious code into Chart\u0027s metadata, this code could get executed if a user specifically accesses a specific deprecated API endpoint.\u00a0This issue affects Apache Superset versions prior to 2.1.2.\u00a0\nUsers are recommended to upgrade to version 2.1.2, which fixes this issue.",
      "id": "GSD-2023-43701",
      "modified": "2023-12-13T01:20:44.324546Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@apache.org",
        "ID": "CVE-2023-43701",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Apache Superset",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "0",
                          "version_value": "2.1.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apache Software Foundation"
            }
          ]
        }
      },
      "credits": [
        {
          "lang": "en",
          "value": "Amit Laish \u2013 GE Vernova"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Improper payload validation and an improper REST API response type, made it possible for an authenticated malicious actor to store malicious code into Chart\u0027s metadata, this code could get executed if a user specifically accesses a specific deprecated API endpoint.\u00a0This issue affects Apache Superset versions prior to 2.1.2.\u00a0\nUsers are recommended to upgrade to version 2.1.2, which fixes this issue."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-79",
                "lang": "eng",
                "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://lists.apache.org/thread/4dnr1knk50fw60jxkjgqj228f0xcc892",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread/4dnr1knk50fw60jxkjgqj228f0xcc892"
          },
          {
            "name": "https://www.openwall.com/lists/oss-security/2023/11/27/4",
            "refsource": "MISC",
            "url": "https://www.openwall.com/lists/oss-security/2023/11/27/4"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.1.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2023-43701"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Improper payload validation and an improper REST API response type, made it possible for an authenticated malicious actor to store malicious code into Chart\u0027s metadata, this code could get executed if a user specifically accesses a specific deprecated API endpoint.\u00a0This issue affects Apache Superset versions prior to 2.1.2.\u00a0\nUsers are recommended to upgrade to version 2.1.2, which fixes this issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lists.apache.org/thread/4dnr1knk50fw60jxkjgqj228f0xcc892",
              "refsource": "",
              "tags": [
                "Mailing List"
              ],
              "url": "https://lists.apache.org/thread/4dnr1knk50fw60jxkjgqj228f0xcc892"
            },
            {
              "name": "https://www.openwall.com/lists/oss-security/2023/11/27/4",
              "refsource": "",
              "tags": [
                "Mailing List"
              ],
              "url": "https://www.openwall.com/lists/oss-security/2023/11/27/4"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.3,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2023-12-01T19:10Z",
      "publishedDate": "2023-11-27T11:15Z"
    }
  }
}

FKIE_CVE-2023-43701

Vulnerability from fkie_nvd - Published: 2023-11-27 11:15 - Updated: 2024-11-21 08:24

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
security@apache.org	https://lists.apache.org/thread/4dnr1knk50fw60jxkjgqj228f0xcc892	Mailing List
security@apache.org	https://www.openwall.com/lists/oss-security/2023/11/27/4	Mailing List
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread/4dnr1knk50fw60jxkjgqj228f0xcc892	Mailing List
af854a3a-2127-422b-91ae-364da2661108	https://www.openwall.com/lists/oss-security/2023/11/27/4	Mailing List

Impacted products

	Vendor	Product	Version
	apache	superset	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "15732220-B366-4C92-A7D6-8C5DF4C9CA20",
              "versionEndExcluding": "2.1.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper payload validation and an improper REST API response type, made it possible for an authenticated malicious actor to store malicious code into Chart\u0027s metadata, this code could get executed if a user specifically accesses a specific deprecated API endpoint.\u00a0This issue affects Apache Superset versions prior to 2.1.2.\u00a0\nUsers are recommended to upgrade to version 2.1.2, which fixes this issue."
    },
    {
      "lang": "es",
      "value": "Una validaci\u00f3n de payload inadecuado y un tipo de respuesta de API REST inadecuado hicieron posible que un actor malicioso autenticado almacenara c\u00f3digo malicioso en los metadatos de Chart; este c\u00f3digo podr\u00eda ejecutarse si un usuario accede espec\u00edficamente a un endpoint de API obsoleto espec\u00edfico. Este problema afecta a las versiones de Apache Superset anteriores a la 2.1.2. Se recomienda a los usuarios actualizar a la versi\u00f3n 2.1.2, que soluciona este problema."
    }
  ],
  "id": "CVE-2023-43701",
  "lastModified": "2024-11-21T08:24:36.127",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "security@apache.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-11-27T11:15:07.950",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.apache.org/thread/4dnr1knk50fw60jxkjgqj228f0xcc892"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2023/11/27/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.apache.org/thread/4dnr1knk50fw60jxkjgqj228f0xcc892"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2023/11/27/4"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "security@apache.org",
      "type": "Secondary"
    }
  ]
}

GHSA-WQ8Q-99P5-XFRW

Vulnerability from github – Published: 2023-11-27 12:30 – Updated: 2023-11-28 20:53

Summary

Apache Superset Cross-site Scripting vulnerability

Details

Severity ?

4.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "apache-superset"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.1.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-43701"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-11-28T20:53:29Z",
    "nvd_published_at": "2023-11-27T11:15:07Z",
    "severity": "MODERATE"
  },
  "details": "Improper payload validation and an improper REST API response type, made it possible for an authenticated malicious actor to store malicious code into Chart\u0027s metadata, this code could get executed if a user specifically accesses a specific deprecated API endpoint.\u00a0This issue affects Apache Superset versions prior to 2.1.2.\u00a0\nUsers are recommended to upgrade to version 2.1.2, which fixes this issue.",
  "id": "GHSA-wq8q-99p5-xfrw",
  "modified": "2023-11-28T20:53:29Z",
  "published": "2023-11-27T12:30:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43701"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/superset"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/4dnr1knk50fw60jxkjgqj228f0xcc892"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2023/11/27/4"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/11/27/4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache Superset Cross-site Scripting vulnerability"
}

CNVD-2023-96659

Vulnerability from cnvd - Published: 2023-12-13

Title

Apache Superset跨站脚本漏洞（CNVD-2023-9665948）

Description

Apache Superset是美国阿帕奇（Apache）基金会的一个数据可视化和数据探索平台。 Apache Superset 2.1.2之前版本存在跨站脚本漏洞，该漏洞源于存在不正确的有效负载验证和不正确的REST API响应类型问题。经过身份验证的攻击者可利用该漏洞将恶意代码存储到Chart的元数据中，如果用户专门访问特定的已弃用的API端点，则该代码可能会被执行。

Severity

中

Patch Name

Apache Superset跨站脚本漏洞（CNVD-2023-9665948）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://lists.apache.org/thread/4dnr1knk50fw60jxkjgqj228f0xcc892

Reference

https://nvd.nist.gov/vuln/detail/CVE-2023-43701

Impacted products

Name
Apache Superset <2.1.2

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-43701",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-43701"
    }
  },
  "description": "Apache Superset\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u4e2a\u6570\u636e\u53ef\u89c6\u5316\u548c\u6570\u636e\u63a2\u7d22\u5e73\u53f0\u3002\n\nApache Superset 2.1.2\u4e4b\u524d\u7248\u672c\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5b58\u5728\u4e0d\u6b63\u786e\u7684\u6709\u6548\u8d1f\u8f7d\u9a8c\u8bc1\u548c\u4e0d\u6b63\u786e\u7684REST API\u54cd\u5e94\u7c7b\u578b\u95ee\u9898\u3002\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5c06\u6076\u610f\u4ee3\u7801\u5b58\u50a8\u5230Chart\u7684\u5143\u6570\u636e\u4e2d\uff0c\u5982\u679c\u7528\u6237\u4e13\u95e8\u8bbf\u95ee\u7279\u5b9a\u7684\u5df2\u5f03\u7528\u7684API\u7aef\u70b9\uff0c\u5219\u8be5\u4ee3\u7801\u53ef\u80fd\u4f1a\u88ab\u6267\u884c\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://lists.apache.org/thread/4dnr1knk50fw60jxkjgqj228f0xcc892",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2023-96659",
  "openTime": "2023-12-13",
  "patchDescription": "Apache Superset\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u4e2a\u6570\u636e\u53ef\u89c6\u5316\u548c\u6570\u636e\u63a2\u7d22\u5e73\u53f0\u3002\r\n\r\nApache Superset 2.1.2\u4e4b\u524d\u7248\u672c\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5b58\u5728\u4e0d\u6b63\u786e\u7684\u6709\u6548\u8d1f\u8f7d\u9a8c\u8bc1\u548c\u4e0d\u6b63\u786e\u7684REST API\u54cd\u5e94\u7c7b\u578b\u95ee\u9898\u3002\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5c06\u6076\u610f\u4ee3\u7801\u5b58\u50a8\u5230Chart\u7684\u5143\u6570\u636e\u4e2d\uff0c\u5982\u679c\u7528\u6237\u4e13\u95e8\u8bbf\u95ee\u7279\u5b9a\u7684\u5df2\u5f03\u7528\u7684API\u7aef\u70b9\uff0c\u5219\u8be5\u4ee3\u7801\u53ef\u80fd\u4f1a\u88ab\u6267\u884c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache Superset\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2023-9665948\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Apache Superset \u003c2.1.2"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2023-43701",
  "serverity": "\u4e2d",
  "submitTime": "2023-11-30",
  "title": "Apache Superset\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2023-9665948\uff09"
}

WID-SEC-W-2023-3010

Vulnerability from csaf_certbund - Published: 2023-11-26 23:00 - Updated: 2023-11-26 23:00

Summary

Apache Superset: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Apache Superset ist eine Open-Source-Plattform zur Datenexploration und -visualisierung.

Angriff

Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Apache Superset ausnutzen, um seine Privilegien zu erhöhen, Informationen offenzulegen oder einen Cross Site Scripting Angriff durchzuführen.

Betroffene Betriebssysteme

- UNIX - Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Apache Superset ist eine Open-Source-Plattform zur Datenexploration und -visualisierung.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Apache Superset ausnutzen, um seine Privilegien zu erh\u00f6hen, Informationen offenzulegen oder einen Cross Site Scripting Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-3010 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-3010.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-3010 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3010"
      },
      {
        "category": "external",
        "summary": "OSS Security Mailing List vom 2023-11-27",
        "url": "https://www.openwall.com/lists/oss-security/2023/11/27/4"
      },
      {
        "category": "external",
        "summary": "OSS Security Mailing List vom 2023-11-27",
        "url": "https://www.openwall.com/lists/oss-security/2023/11/27/3"
      },
      {
        "category": "external",
        "summary": "OSS Security Mailing List vom 2023-11-27",
        "url": "https://www.openwall.com/lists/oss-security/2023/11/27/2"
      }
    ],
    "source_lang": "en-US",
    "title": "Apache Superset: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-11-26T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:02:04.947+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-3010",
      "initial_release_date": "2023-11-26T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-11-26T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Apache Superset \u003c 2.1.2",
            "product": {
              "name": "Apache Superset \u003c 2.1.2",
              "product_id": "T031357",
              "product_identification_helper": {
                "cpe": "cpe:/a:apache:superset:2.1.2"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Apache"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-43701",
      "notes": [
        {
          "category": "description",
          "text": "In Apache Superset existiert eine Cross-Site Scripting Schwachstelle. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein authentisierter Angreifer kann durch Ausnutzung dieser Schwachstelle beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-11-26T23:00:00.000+00:00",
      "title": "CVE-2023-43701"
    },
    {
      "cve": "CVE-2023-42501",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Apache Superset. Innerhalb der Gammarolle werden nicht notwendige Leseberechtigungen gesetzt. Ein authentisierter Angreifer kann diese Schwachstelle ausnutzen, um konfigurierte CSS-Vorlagen und Anmerkungen zu lesen."
        }
      ],
      "release_date": "2023-11-26T23:00:00.000+00:00",
      "title": "CVE-2023-42501"
    },
    {
      "cve": "CVE-2023-40610",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Apache Superset. Aufgrund einer unsachgem\u00e4\u00dfen Berechtigungspr\u00fcfung bei der Verwendung der Standard-Beispiele-Datenbankverbindung, die den Zugriff sowohl auf das Beispiele-Schema als auch auf die Metadaten-Datenbank erm\u00f6glicht, kann ein Angreifer mit einer speziell gestalteten CTE-SQL-Anweisung Daten in der Metadaten-Datenbank \u00e4ndern. In der Folge kann er Authentifizierungs-/Autorisierungsdaten manipulieren und so seine Privilegien erweitern."
        }
      ],
      "release_date": "2023-11-26T23:00:00.000+00:00",
      "title": "CVE-2023-40610"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-43701 (GCVE-0-2023-43701)

bit-superset-2023-43701

Vulnerability from bitnami_vulndb

GSD-2023-43701

FKIE_CVE-2023-43701

GHSA-WQ8Q-99P5-XFRW

CNVD-2023-96659

WID-SEC-W-2023-3010

Tags

Sightings

Nomenclature