"use strict";(self.webpackChunkdocs_v_2=self.webpackChunkdocs_v_2||[]).push([[742],{55296:(t,e,r)=>{r.r(e),r.d(e,{assets:()=>p,contentTitle:()=>l,default:()=>m,frontMatter:()=>i,metadata:()=>o,toc:()=>s});var a=r(83117),n=(r(67294),r(3905));const i={title:"CVEs by release",hide_title:!0,sidebar_position:2},l=void 0,o={unversionedId:"security/cves",id:"security/cves",title:"CVEs by release",description:"Version 2.1.0",source:"@site/docs/security/cves.mdx",sourceDirName:"security",slug:"/security/cves",permalink:"/docs/security/cves",draft:!1,editUrl:"https://github.com/apache/superset/tree/master/docs/docs/security/cves.mdx",tags:[],version:"current",sidebarPosition:2,frontMatter:{title:"CVEs by release",hide_title:!0,sidebar_position:2},sidebar:"tutorialSidebar",previous:{title:"Role based Access",permalink:"/docs/security/"}},p={},s=[{value:"Version 2.1.0",id:"version-210",level:4},{value:"Version 2.0.1",id:"version-201",level:4}],d={toc:s},c="wrapper";function m(t){let{components:e,...r}=t;return(0,n.kt)(c,(0,a.Z)({},d,r,{components:e,mdxType:"MDXLayout"}),(0,n.kt)("h4",{id:"version-210"},"Version 2.1.0"),(0,n.kt)("table",null,(0,n.kt)("thead",{parentName:"table"},(0,n.kt)("tr",{parentName:"thead"},(0,n.kt)("th",{parentName:"tr",align:"left"},"CVE"),(0,n.kt)("th",{parentName:"tr",align:"left"},"Title"),(0,n.kt)("th",{parentName:"tr",align:"right"},"Affected"))),(0,n.kt)("tbody",{parentName:"table"},(0,n.kt)("tr",{parentName:"tbody"},(0,n.kt)("td",{parentName:"tr",align:"left"},"CVE-2023-25504"),(0,n.kt)("td",{parentName:"tr",align:"left"},"Possible SSRF on import datasets"),(0,n.kt)("td",{parentName:"tr",align:"right"},"<= 2.1.0")),(0,n.kt)("tr",{parentName:"tbody"},(0,n.kt)("td",{parentName:"tr",align:"left"},"CVE-2023-27524"),(0,n.kt)("td",{parentName:"tr",align:"left"},"Session validation vulnerability when using provided default SECRET_KEY"),(0,n.kt)("td",{parentName:"tr",align:"right"},"<= 
2.1.0")),(0,n.kt)("tr",{parentName:"tbody"},(0,n.kt)("td",{parentName:"tr",align:"left"},"CVE-2023-27525"),(0,n.kt)("td",{parentName:"tr",align:"left"},"Incorrect default permissions for Gamma role"),(0,n.kt)("td",{parentName:"tr",align:"right"},"<= 2.1.0")),(0,n.kt)("tr",{parentName:"tbody"},(0,n.kt)("td",{parentName:"tr",align:"left"},"CVE-2023-30776"),(0,n.kt)("td",{parentName:"tr",align:"left"},"Database connection password leak"),(0,n.kt)("td",{parentName:"tr",align:"right"},"<= 2.1.0")))),(0,n.kt)("h4",{id:"version-201"},"Version 2.0.1"),(0,n.kt)("table",null,(0,n.kt)("thead",{parentName:"table"},(0,n.kt)("tr",{parentName:"thead"},(0,n.kt)("th",{parentName:"tr",align:"left"},"CVE"),(0,n.kt)("th",{parentName:"tr",align:"left"},"Title"),(0,n.kt)("th",{parentName:"tr",align:"right"},"Affected"))),(0,n.kt)("tbody",{parentName:"table"},(0,n.kt)("tr",{parentName:"tbody"},(0,n.kt)("td",{parentName:"tr",align:"left"},"CVE-2022-41703"),(0,n.kt)("td",{parentName:"tr",align:"left"},"SQL injection vulnerability in adhoc clauses"),(0,n.kt)("td",{parentName:"tr",align:"right"},"< 2.0.1 or <1.5.2")),(0,n.kt)("tr",{parentName:"tbody"},(0,n.kt)("td",{parentName:"tr",align:"left"},"CVE-2022-43717"),(0,n.kt)("td",{parentName:"tr",align:"left"},"Cross-Site Scripting on dashboards"),(0,n.kt)("td",{parentName:"tr",align:"right"},"< 2.0.1 or <1.5.2")),(0,n.kt)("tr",{parentName:"tbody"},(0,n.kt)("td",{parentName:"tr",align:"left"},"CVE-2022-43718"),(0,n.kt)("td",{parentName:"tr",align:"left"},"Cross-Site Scripting vulnerability on upload forms"),(0,n.kt)("td",{parentName:"tr",align:"right"},"< 2.0.1 or <1.5.2")),(0,n.kt)("tr",{parentName:"tbody"},(0,n.kt)("td",{parentName:"tr",align:"left"},"CVE-2022-43719"),(0,n.kt)("td",{parentName:"tr",align:"left"},"Cross Site Request Forgery (CSRF) on accept, request access"),(0,n.kt)("td",{parentName:"tr",align:"right"},"< 2.0.1 or 
<1.5.2")),(0,n.kt)("tr",{parentName:"tbody"},(0,n.kt)("td",{parentName:"tr",align:"left"},"CVE-2022-43720"),(0,n.kt)("td",{parentName:"tr",align:"left"},"Improper rendering of user input"),(0,n.kt)("td",{parentName:"tr",align:"right"},"< 2.0.1 or <1.5.2")),(0,n.kt)("tr",{parentName:"tbody"},(0,n.kt)("td",{parentName:"tr",align:"left"},"CVE-2022-43721"),(0,n.kt)("td",{parentName:"tr",align:"left"},"Open Redirect Vulnerability"),(0,n.kt)("td",{parentName:"tr",align:"right"},"< 2.0.1 or <1.5.2")),(0,n.kt)("tr",{parentName:"tbody"},(0,n.kt)("td",{parentName:"tr",align:"left"},"CVE-2022-45438"),(0,n.kt)("td",{parentName:"tr",align:"left"},"Dashboard metadata information leak"),(0,n.kt)("td",{parentName:"tr",align:"right"},"< 2.0.1 or <1.5.2")))))}m.isMDXComponent=!0},3905:(t,e,r)=>{r.d(e,{Zo:()=>d,kt:()=>u});var a=r(67294);function n(t,e,r){return e in t?Object.defineProperty(t,e,{value:r,enumerable:!0,configurable:!0,writable:!0}):t[e]=r,t}function i(t,e){var r=Object.keys(t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(t);e&&(a=a.filter((function(e){return Object.getOwnPropertyDescriptor(t,e).enumerable}))),r.push.apply(r,a)}return r}function l(t){for(var e=1;e<arguments.length;e++){var r=null!=arguments[e]?arguments[e]:{};e%2?i(Object(r),!0).forEach((function(e){n(t,e,r[e])})):Object.getOwnPropertyDescriptors?Object.defineProperties(t,Object.getOwnPropertyDescriptors(r)):i(Object(r)).forEach((function(e){Object.defineProperty(t,e,Object.getOwnPropertyDescriptor(r,e))}))}return t}function o(t,e){if(null==t)return{};var r,a,n=function(t,e){if(null==t)return{};var r,a,n={},i=Object.keys(t);for(a=0;a<i.length;a++)r=i[a],e.indexOf(r)>=0||(n[r]=t[r]);return n}(t,e);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(t);for(a=0;a<i.length;a++)r=i[a],e.indexOf(r)>=0||Object.prototype.propertyIsEnumerable.call(t,r)&&(n[r]=t[r])}return n}var p=a.createContext({}),s=function(t){var e=a.useContext(p),r=e;return t&&(r="function"==typeof 
t?t(e):l(l({},e),t)),r},d=function(t){var e=s(t.components);return a.createElement(p.Provider,{value:e},t.children)},c="mdxType",m={inlineCode:"code",wrapper:function(t){var e=t.children;return a.createElement(a.Fragment,{},e)}},f=a.forwardRef((function(t,e){var r=t.components,n=t.mdxType,i=t.originalType,p=t.parentName,d=o(t,["components","mdxType","originalType","parentName"]),c=s(r),f=n,u=c["".concat(p,".").concat(f)]||c[f]||m[f]||i;return r?a.createElement(u,l(l({ref:e},d),{},{components:r})):a.createElement(u,l({ref:e},d))}));function u(t,e){var r=arguments,n=e&&e.mdxType;if("string"==typeof t||n){var i=r.length,l=new Array(i);l[0]=f;var o={};for(var p in e)hasOwnProperty.call(e,p)&&(o[p]=e[p]);o.originalType=t,o[c]="string"==typeof t?t:n,l[1]=o;for(var s=2;s<i;s++)l[s]=r[s];return a.createElement.apply(null,l)}return a.createElement.apply(null,r)}f.displayName="MDXCreateElement"}}]);