CVE-2024-24779

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-24779

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-24779.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-24779

Aliases

Published

2024-02-28T12:15:47Z

Modified

2025-02-13T18:17:09Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Apache Superset with custom roles that include can write on dataset and without all data access permissions, allows for users to create virtual datasets to data they don't have access to. These users could then use those virtual datasets to get access to unauthorized data. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.

Users are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.

References

Affected packages

Git / github.com/apache/superset

Affected ranges

Type: GIT
Repo: https://github.com/apache/superset
Events: Introduced

0cd2431989f2d0182c02f33c88a5dc9645403980

Fixed

49fee6c776fb742acf6a9a5c59ee2cf8d257f89b