Improper Default REST API Permission in Apache Superset 2.1.0 Allows Authenticated Gamma Users to Test Database Connections

Improper Default REST API Permission in Apache Superset 2.1.0 Allows Authenticated Gamma Users to Test Database Connections

CVE-2023-36387 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

An improper default REST API permission for Gamma users in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test database connections.

Learn more about our Cis Benchmark Audit For Apache Http Server.