Google Git
Sign in
apache / superset-site / 15df516661e70855c947d2e517cba98cc2ad9ad8 / . / assets / js / dd0670d3.27bc1a88.js
blob: a00c8fd498b1eb514e93fd9f08b20882b3cce8a3 [file] [log] [blame]
"use strict";(self.webpackChunkdocs_v_2=self.webpackChunkdocs_v_2||[]).push([[742],{55296:(t,e,r)=>{r.r(e),r.d(e,{assets:()=>p,contentTitle:()=>l,default:()=>k,frontMatter:()=>i,metadata:()=>o,toc:()=>d});var a=r(83117),n=(r(67294),r(3905));const i={title:"CVEs fixed by release",hide_title:!0,sidebar_position:2},l=void 0,o={unversionedId:"security/cves",id:"security/cves",title:"CVEs fixed by release",description:"Version 3.0.0",source:"@site/docs/security/cves.mdx",sourceDirName:"security",slug:"/security/cves",permalink:"/docs/security/cves",draft:!1,editUrl:"https://github.com/apache/superset/tree/master/docs/docs/security/cves.mdx",tags:[],version:"current",sidebarPosition:2,frontMatter:{title:"CVEs fixed by release",hide_title:!0,sidebar_position:2},sidebar:"tutorialSidebar",previous:{title:"Security",permalink:"/docs/security/"},next:{title:"API",permalink:"/docs/api"}},p={},d=[{value:"Version 3.0.0",id:"version-300",level:4},{value:"Version 2.1.2",id:"version-212",level:4},{value:"Version 2.1.1",id:"version-211",level:4},{value:"Version 2.1.0",id:"version-210",level:4},{value:"Version 2.0.1",id:"version-201",level:4}],m={toc:d},s="wrapper";function k(t){let{components:e,...r}=t;return(0,n.kt)(s,(0,a.Z)({},m,r,{components:e,mdxType:"MDXLayout"}),(0,n.kt)("h4",{id:"version-300"},"Version 3.0.0"),(0,n.kt)("table",null,(0,n.kt)("thead",{parentName:"table"},(0,n.kt)("tr",{parentName:"thead"},(0,n.kt)("th",{parentName:"tr",align:"left"},"CVE"),(0,n.kt)("th",{parentName:"tr",align:"left"},"Title"),(0,n.kt)("th",{parentName:"tr",align:"right"},"Affected"))),(0,n.kt)("tbody",{parentName:"table"},(0,n.kt)("tr",{parentName:"tbody"},(0,n.kt)("td",{parentName:"tr",align:"left"},"CVE-2023-42502"),(0,n.kt)("td",{parentName:"tr",align:"left"},"Open Redirect Vulnerability"),(0,n.kt)("td",{parentName:"tr",align:"right"},"< 3.0.0")),(0,n.kt)("tr",{parentName:"tbody"},(0,n.kt)("td",{parentName:"tr",align:"left"},"CVE-2023-42504"),(0,n.kt)("td",{parentName:"tr",align:"left"},"Lack of rate limiting allows for possible denial of service"),(0,n.kt)("td",{parentName:"tr",align:"right"},"< 3.0.0")),(0,n.kt)("tr",{parentName:"tbody"},(0,n.kt)("td",{parentName:"tr",align:"left"},"CVE-2023-42505"),(0,n.kt)("td",{parentName:"tr",align:"left"},"Sensitive information disclosure on db connection details"),(0,n.kt)("td",{parentName:"tr",align:"right"},"< 3.0.0")))),(0,n.kt)("h4",{id:"version-212"},"Version 2.1.2"),(0,n.kt)("table",null,(0,n.kt)("thead",{parentName:"table"},(0,n.kt)("tr",{parentName:"thead"},(0,n.kt)("th",{parentName:"tr",align:"left"},"CVE"),(0,n.kt)("th",{parentName:"tr",align:"left"},"Title"),(0,n.kt)("th",{parentName:"tr",align:"right"},"Affected"))),(0,n.kt)("tbody",{parentName:"table"},(0,n.kt)("tr",{parentName:"tbody"},(0,n.kt)("td",{parentName:"tr",align:"left"},"CVE-2023-40610"),(0,n.kt)("td",{parentName:"tr",align:"left"},"Privilege escalation with default examples database"),(0,n.kt)("td",{parentName:"tr",align:"right"},"< 2.1.2")),(0,n.kt)("tr",{parentName:"tbody"},(0,n.kt)("td",{parentName:"tr",align:"left"},"CVE-2023-42501"),(0,n.kt)("td",{parentName:"tr",align:"left"},"Unnecessary read permissions within the Gamma role"),(0,n.kt)("td",{parentName:"tr",align:"right"},"< 2.1.2")),(0,n.kt)("tr",{parentName:"tbody"},(0,n.kt)("td",{parentName:"tr",align:"left"},"CVE-2023-43701"),(0,n.kt)("td",{parentName:"tr",align:"left"},"Stored XSS on API endpoint"),(0,n.kt)("td",{parentName:"tr",align:"right"},"< 2.1.2")))),(0,n.kt)("h4",{id:"version-211"},"Version 2.1.1"),(0,n.kt)("table",null,(0,n.kt)("thead",{parentName:"table"},(0,n.kt)("tr",{parentName:"thead"},(0,n.kt)("th",{parentName:"tr",align:"left"},"CVE"),(0,n.kt)("th",{parentName:"tr",align:"left"},"Title"),(0,n.kt)("th",{parentName:"tr",align:"right"},"Affected"))),(0,n.kt)("tbody",{parentName:"table"},(0,n.kt)("tr",{parentName:"tbody"},(0,n.kt)("td",{parentName:"tr",align:"left"},"CVE-2023-36387"),(0,n.kt)("td",{parentName:"tr",align:"left"},"Improper API permission for low privilege users"),(0,n.kt)("td",{parentName:"tr",align:"right"},"< 2.1.1")),(0,n.kt)("tr",{parentName:"tbody"},(0,n.kt)("td",{parentName:"tr",align:"left"},"CVE-2023-36388"),(0,n.kt)("td",{parentName:"tr",align:"left"},"Improper API permission for low privilege users allows for SSRF"),(0,n.kt)("td",{parentName:"tr",align:"right"},"< 2.1.1")),(0,n.kt)("tr",{parentName:"tbody"},(0,n.kt)("td",{parentName:"tr",align:"left"},"CVE-2023-27523"),(0,n.kt)("td",{parentName:"tr",align:"left"},"Improper data permission validation on Jinja templated queries"),(0,n.kt)("td",{parentName:"tr",align:"right"},"< 2.1.1")),(0,n.kt)("tr",{parentName:"tbody"},(0,n.kt)("td",{parentName:"tr",align:"left"},"CVE-2023-27526"),(0,n.kt)("td",{parentName:"tr",align:"left"},"Improper Authorization check on import charts"),(0,n.kt)("td",{parentName:"tr",align:"right"},"< 2.1.1")),(0,n.kt)("tr",{parentName:"tbody"},(0,n.kt)("td",{parentName:"tr",align:"left"},"CVE-2023-39264"),(0,n.kt)("td",{parentName:"tr",align:"left"},"Stack traces enabled by default"),(0,n.kt)("td",{parentName:"tr",align:"right"},"< 2.1.1")),(0,n.kt)("tr",{parentName:"tbody"},(0,n.kt)("td",{parentName:"tr",align:"left"},"CVE-2023-39265"),(0,n.kt)("td",{parentName:"tr",align:"left"},"Possible Unauthorized Registration of SQLite Database Connections"),(0,n.kt)("td",{parentName:"tr",align:"right"},"< 2.1.1")),(0,n.kt)("tr",{parentName:"tbody"},(0,n.kt)("td",{parentName:"tr",align:"left"},"CVE-2023-37941"),(0,n.kt)("td",{parentName:"tr",align:"left"},"Metadata db write access can lead to remote code execution"),(0,n.kt)("td",{parentName:"tr",align:"right"},"< 2.1.1")),(0,n.kt)("tr",{parentName:"tbody"},(0,n.kt)("td",{parentName:"tr",align:"left"},"CVE-2023-32672"),(0,n.kt)("td",{parentName:"tr",align:"left"},"SQL parser edge case bypasses data access authorization"),(0,n.kt)("td",{parentName:"tr",align:"right"},"< 2.1.1")))),(0,n.kt)("h4",{id:"version-210"},"Version 2.1.0"),(0,n.kt)("table",null,(0,n.kt)("thead",{parentName:"table"},(0,n.kt)("tr",{parentName:"thead"},(0,n.kt)("th",{parentName:"tr",align:"left"},"CVE"),(0,n.kt)("th",{parentName:"tr",align:"left"},"Title"),(0,n.kt)("th",{parentName:"tr",align:"right"},"Affected"))),(0,n.kt)("tbody",{parentName:"table"},(0,n.kt)("tr",{parentName:"tbody"},(0,n.kt)("td",{parentName:"tr",align:"left"},"CVE-2023-25504"),(0,n.kt)("td",{parentName:"tr",align:"left"},"Possible SSRF on import datasets"),(0,n.kt)("td",{parentName:"tr",align:"right"},"< 2.1.0")),(0,n.kt)("tr",{parentName:"tbody"},(0,n.kt)("td",{parentName:"tr",align:"left"},"CVE-2023-27524"),(0,n.kt)("td",{parentName:"tr",align:"left"},"Session validation vulnerability when using provided default SECRET_KEY"),(0,n.kt)("td",{parentName:"tr",align:"right"},"< 2.1.0")),(0,n.kt)("tr",{parentName:"tbody"},(0,n.kt)("td",{parentName:"tr",align:"left"},"CVE-2023-27525"),(0,n.kt)("td",{parentName:"tr",align:"left"},"Incorrect default permissions for Gamma role"),(0,n.kt)("td",{parentName:"tr",align:"right"},"< 2.1.0")),(0,n.kt)("tr",{parentName:"tbody"},(0,n.kt)("td",{parentName:"tr",align:"left"},"CVE-2023-30776"),(0,n.kt)("td",{parentName:"tr",align:"left"},"Database connection password leak"),(0,n.kt)("td",{parentName:"tr",align:"right"},"< 2.1.0")))),(0,n.kt)("h4",{id:"version-201"},"Version 2.0.1"),(0,n.kt)("table",null,(0,n.kt)("thead",{parentName:"table"},(0,n.kt)("tr",{parentName:"thead"},(0,n.kt)("th",{parentName:"tr",align:"left"},"CVE"),(0,n.kt)("th",{parentName:"tr",align:"left"},"Title"),(0,n.kt)("th",{parentName:"tr",align:"right"},"Affected"))),(0,n.kt)("tbody",{parentName:"table"},(0,n.kt)("tr",{parentName:"tbody"},(0,n.kt)("td",{parentName:"tr",align:"left"},"CVE-2022-41703"),(0,n.kt)("td",{parentName:"tr",align:"left"},"SQL injection vulnerability in adhoc clauses"),(0,n.kt)("td",{parentName:"tr",align:"right"},"< 2.0.1 or <1.5.2")),(0,n.kt)("tr",{parentName:"tbody"},(0,n.kt)("td",{parentName:"tr",align:"left"},"CVE-2022-43717"),(0,n.kt)("td",{parentName:"tr",align:"left"},"Cross-Site Scripting on dashboards"),(0,n.kt)("td",{parentName:"tr",align:"right"},"< 2.0.1 or <1.5.2")),(0,n.kt)("tr",{parentName:"tbody"},(0,n.kt)("td",{parentName:"tr",align:"left"},"CVE-2022-43718"),(0,n.kt)("td",{parentName:"tr",align:"left"},"Cross-Site Scripting vulnerability on upload forms"),(0,n.kt)("td",{parentName:"tr",align:"right"},"< 2.0.1 or <1.5.2")),(0,n.kt)("tr",{parentName:"tbody"},(0,n.kt)("td",{parentName:"tr",align:"left"},"CVE-2022-43719"),(0,n.kt)("td",{parentName:"tr",align:"left"},"Cross Site Request Forgery (CSRF) on accept, request access"),(0,n.kt)("td",{parentName:"tr",align:"right"},"< 2.0.1 or <1.5.2")),(0,n.kt)("tr",{parentName:"tbody"},(0,n.kt)("td",{parentName:"tr",align:"left"},"CVE-2022-43720"),(0,n.kt)("td",{parentName:"tr",align:"left"},"Improper rendering of user input"),(0,n.kt)("td",{parentName:"tr",align:"right"},"< 2.0.1 or <1.5.2")),(0,n.kt)("tr",{parentName:"tbody"},(0,n.kt)("td",{parentName:"tr",align:"left"},"CVE-2022-43721"),(0,n.kt)("td",{parentName:"tr",align:"left"},"Open Redirect Vulnerability"),(0,n.kt)("td",{parentName:"tr",align:"right"},"< 2.0.1 or <1.5.2")),(0,n.kt)("tr",{parentName:"tbody"},(0,n.kt)("td",{parentName:"tr",align:"left"},"CVE-2022-45438"),(0,n.kt)("td",{parentName:"tr",align:"left"},"Dashboard metadata information leak"),(0,n.kt)("td",{parentName:"tr",align:"right"},"< 2.0.1 or <1.5.2")))))}k.isMDXComponent=!0},3905:(t,e,r)=>{r.d(e,{Zo:()=>m,kt:()=>c});var a=r(67294);function n(t,e,r){return e in t?Object.defineProperty(t,e,{value:r,enumerable:!0,configurable:!0,writable:!0}):t[e]=r,t}function i(t,e){var r=Object.keys(t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(t);e&&(a=a.filter((function(e){return Object.getOwnPropertyDescriptor(t,e).enumerable}))),r.push.apply(r,a)}return r}function l(t){for(var e=1;e<arguments.length;e++){var r=null!=arguments[e]?arguments[e]:{};e%2?i(Object(r),!0).forEach((function(e){n(t,e,r[e])})):Object.getOwnPropertyDescriptors?Object.defineProperties(t,Object.getOwnPropertyDescriptors(r)):i(Object(r)).forEach((function(e){Object.defineProperty(t,e,Object.getOwnPropertyDescriptor(r,e))}))}return t}function o(t,e){if(null==t)return{};var r,a,n=function(t,e){if(null==t)return{};var r,a,n={},i=Object.keys(t);for(a=0;a<i.length;a++)r=i[a],e.indexOf(r)>=0||(n[r]=t[r]);return n}(t,e);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(t);for(a=0;a<i.length;a++)r=i[a],e.indexOf(r)>=0||Object.prototype.propertyIsEnumerable.call(t,r)&&(n[r]=t[r])}return n}var p=a.createContext({}),d=function(t){var e=a.useContext(p),r=e;return t&&(r="function"==typeof t?t(e):l(l({},e),t)),r},m=function(t){var e=d(t.components);return a.createElement(p.Provider,{value:e},t.children)},s="mdxType",k={inlineCode:"code",wrapper:function(t){var e=t.children;return a.createElement(a.Fragment,{},e)}},g=a.forwardRef((function(t,e){var r=t.components,n=t.mdxType,i=t.originalType,p=t.parentName,m=o(t,["components","mdxType","originalType","parentName"]),s=d(r),g=n,c=s["".concat(p,".").concat(g)]||s[g]||k[g]||i;return r?a.createElement(c,l(l({ref:e},m),{},{components:r})):a.createElement(c,l({ref:e},m))}));function c(t,e){var r=arguments,n=e&&e.mdxType;if("string"==typeof t||n){var i=r.length,l=new Array(i);l[0]=g;var o={};for(var p in e)hasOwnProperty.call(e,p)&&(o[p]=e[p]);o.originalType=t,o[s]="string"==typeof t?t:n,l[1]=o;for(var d=2;d<i;d++)l[d]=r[d];return a.createElement.apply(null,l)}return a.createElement.apply(null,r)}g.displayName="MDXCreateElement"}}]);