CVE-2023-40610

Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Superset's metadata database, an attacker using a specially crafted CTE SQL statement could change data on the metadata database. This weakness could result on tampering with the authentication/authorization data.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://www.openwall.com/lists/oss-security/2023/11/27/2	Mailing List Third Party Advisory
https://github.com/orangecertcc/security-research/security/advisories/GHSA-f678-j579-4xf5
https://lists.apache.org/thread/jvgxpk4dbxyqtsgtl4pdgbd520rc0rot	Mailing List Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*

History

10 Jan 2024, 17:15

Type	Values Removed	Values Added
References		() https://github.com/orangecertcc/security-research/security/advisories/GHSA-f678-j579-4xf5 -

01 Dec 2023, 02:31

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.8
First Time		Apache Apache superset
CPE		cpe:2.3:a:apache:superset::::::::
References	~~() https://lists.apache.org/thread/jvgxpk4dbxyqtsgtl4pdgbd520rc0rot -~~	() https://lists.apache.org/thread/jvgxpk4dbxyqtsgtl4pdgbd520rc0rot - Mailing List, Vendor Advisory
References	~~() http://www.openwall.com/lists/oss-security/2023/11/27/2 -~~	() http://www.openwall.com/lists/oss-security/2023/11/27/2 - Mailing List, Third Party Advisory

27 Nov 2023, 12:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-27 11:15

Updated : 2024-01-10 17:15

NVD link : CVE-2023-40610

Mitre link : CVE-2023-40610

CVE.ORG link : CVE-2023-40610

JSON object : View

Products Affected

apache

superset

CWE

CWE-863

Incorrect Authorization

{"id": "CVE-2023-40610", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security@apache.org", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 1.8}]}, "published": "2023-11-27T11:15:07.293", "references": [{"url": "http://www.openwall.com/lists/oss-security/2023/11/27/2", "tags": ["Mailing List", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-f678-j579-4xf5", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread/jvgxpk4dbxyqtsgtl4pdgbd520rc0rot", "tags": ["Mailing List", "Vendor Advisory"], "source": "security@apache.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "Improper authorization check and possible privilege escalation on Apache Superset\u00a0up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Superset's metadata database, an attacker using a specially crafted CTE SQL statement could change data on the metadata database. This weakness could result on tampering with the authentication/authorization data.\n\n"}, {"lang": "es", "value": "Verificaci\u00f3n de autorizaci\u00f3n incorrecta y posible escalada de privilegios en Apache Superset hasta 2.1.2, pero excluy\u00e9ndolo. Utilizando la conexi\u00f3n de base de datos de ejemplos predeterminada que permite el acceso tanto al esquema de ejemplos como a la base de datos de metadatos de Apache Superset, un atacante que utilice una declaraci\u00f3n SQL CTE especialmente manipulada podr\u00eda cambiar los datos de la base de datos de metadatos. Esta debilidad podr\u00eda resultar en la manipulaci\u00f3n de los datos de autenticaci\u00f3n/autorizaci\u00f3n."}], "lastModified": "2024-01-10T17:15:08.717", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15732220-B366-4C92-A7D6-8C5DF4C9CA20", "versionEndExcluding": "2.1.2"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}