CVE-2023-40610 - OpenCVE

Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Superset's metadata database, an attacker using a specially crafted CTE SQL statement could change data on the metadata database. This weakness could result on tampering with the authentication/authorization data.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Superset

Configuration 1 [-]

cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2023/11/27/2
https://github.com/orangecertcc/security-research/security/advisories/GHSA-f678-j579-4xf5
https://lists.apache.org/thread/jvgxpk4dbxyqtsgtl4pdgbd520rc0rot

History

No history.

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2023-11-27T10:22:41.083Z

Updated: 2024-08-02T18:38:51.121Z

Reserved: 2023-08-17T12:56:13.976Z

Link: CVE-2023-40610

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-11-27T11:15:07.293

Modified: 2024-01-10T17:15:08.717

Link: CVE-2023-40610

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-40610", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2023-08-17T12:56:13.976Z", "datePublished": "2023-11-27T10:22:41.083Z", "dateUpdated": "2024-08-02T18:38:51.121Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache Superset", "vendor": "Apache Software Foundation", "versions": [{"lessThan": "2.1.2", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "LEXFO for Orange Innovation and Orange CERT-CC at Orange group"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Superset's metadata database, an attacker using a specially crafted CTE SQL statement could change data on the metadata database. This weakness could result on tampering with the authentication/authorization data.<br><br>"}], "value": "Improper authorization check and possible privilege escalation on Apache Superset\u00a0up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Superset's metadata database, an attacker using a specially crafted CTE SQL statement could change data on the metadata database. This weakness could result on tampering with the authentication/authorization data.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-11-27T10:22:41.083Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/jvgxpk4dbxyqtsgtl4pdgbd520rc0rot"}, {"url": "http://www.openwall.com/lists/oss-security/2023/11/27/2"}, {"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-f678-j579-4xf5"}], "source": {"discovery": "UNKNOWN"}, "title": "Apache Superset: Privilege escalation with default examples database", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:38:51.121Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.apache.org/thread/jvgxpk4dbxyqtsgtl4pdgbd520rc0rot"}, {"url": "http://www.openwall.com/lists/oss-security/2023/11/27/2", "tags": ["x_transferred"]}, {"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-f678-j579-4xf5", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*", "matchCriteriaId": "15732220-B366-4C92-A7D6-8C5DF4C9CA20", "versionEndExcluding": "2.1.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper authorization check and possible privilege escalation on Apache Superset\u00a0up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Superset's metadata database, an attacker using a specially crafted CTE SQL statement could change data on the metadata database. This weakness could result on tampering with the authentication/authorization data.\n\n"}, {"lang": "es", "value": "Verificaci\u00f3n de autorizaci\u00f3n incorrecta y posible escalada de privilegios en Apache Superset hasta 2.1.2, pero excluy\u00e9ndolo. Utilizando la conexi\u00f3n de base de datos de ejemplos predeterminada que permite el acceso tanto al esquema de ejemplos como a la base de datos de metadatos de Apache Superset, un atacante que utilice una declaraci\u00f3n SQL CTE especialmente manipulada podr\u00eda cambiar los datos de la base de datos de metadatos. Esta debilidad podr\u00eda resultar en la manipulaci\u00f3n de los datos de autenticaci\u00f3n/autorizaci\u00f3n."}], "id": "CVE-2023-40610", "lastModified": "2024-01-10T17:15:08.717", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.0, "source": "security@apache.org", "type": "Secondary"}]}, "published": "2023-11-27T11:15:07.293", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/11/27/2"}, {"source": "security@apache.org", "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-f678-j579-4xf5"}, {"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/jvgxpk4dbxyqtsgtl4pdgbd520rc0rot"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "security@apache.org", "type": "Primary"}]}