Apache Superset Security Update Advisory (CVE-2024-53949)

Overview

Apache Superset has released an update that fixes CVE-2024-53949, a vulnerability that lets a lower-privileged user create roles when the FAB_ADD_SECURITY_API configuration option is enabled. The option is disabled by default, so only deployments that have turned it on are exposed. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-53949

  • Apache Superset 2.0.0 and later, prior to 4.1.0 (4.1.0 itself is not affected)

Resolved Vulnerabilities

CVE-2024-53949: In Apache Superset, when the FAB_ADD_SECURITY_API configuration option is enabled, a lower-privileged user is able to create roles through the security API it exposes [2]. The option is disabled by default; deployments that have not enabled it are not exposed to this issue, and it should not be enabled on an affected version before updating.
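
The following is an added audit helper, not code from the Apache Superset project or from this advisory. It assumes the deployment's settings live in a superset_config.py-style module and that the running version is known (for example from the `superset version` command). It parses the config with `ast` instead of importing or executing it, so a config file of unknown provenance is never run, and it treats a missing assignment as disabled because that is Superset's default. The two sample configs and the function names are constructed for this example.

```python
"""Check whether a Superset deployment is exposed to CVE-2024-53949.

Exposed means: version in [2.0.0, 4.1.0) AND FAB_ADD_SECURITY_API enabled.
Added example; the config samples below are constructed, not real deployments.
"""
import ast
import re

AFFECTED_MIN = (2, 0, 0)  # first affected release (inclusive)
FIXED = (4, 1, 0)         # release that contains the fix

# Constructed sample: the weak setting that enables the security API.
WEAK_CONFIG = '''
SECRET_KEY = "example-only"
FAB_ADD_SECURITY_API = True
'''

# Constructed sample: the default / corrected setting.
SAFE_CONFIG = '''
SECRET_KEY = "example-only"
FAB_ADD_SECURITY_API = False
'''


def parse_version(version: str) -> tuple:
    """Turn '4.0.2' (or '4.0.2rc1') into a comparable (4, 0, 2) tuple."""
    match = re.match(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not match:
        raise ValueError(f"unrecognised Superset version string: {version!r}")
    return tuple(int(part) for part in match.groups())


def version_is_affected(version: str) -> bool:
    """True for 2.0.0 <= version < 4.1.0, the range named in the advisory."""
    return AFFECTED_MIN <= parse_version(version) < FIXED


def fab_security_api_enabled(config_source: str) -> bool:
    """Return the effective value of FAB_ADD_SECURITY_API in a config module.

    Only module-level assignments are considered, in order, so the last one
    wins just as it would at import time. A value that is not a bool literal
    cannot be decided statically and is reported as enabled (flag for review).
    No assignment at all means Superset's default, which is False.
    """
    enabled = False  # Superset default
    for node in ast.parse(config_source).body:
        if not isinstance(node, ast.Assign):
            continue
        for target in node.targets:
            if isinstance(target, ast.Name) and target.id == "FAB_ADD_SECURITY_API":
                value = node.value
                if isinstance(value, ast.Constant) and isinstance(value.value, bool):
                    enabled = value.value
                else:
                    enabled = True  # non-literal: cannot prove it is off
    return enabled


def assess(version: str, config_source: str) -> str:
    """Combine the version check and the config check into one verdict."""
    if not version_is_affected(version):
        return "not affected: version outside 2.0.0 <= v < 4.1.0"
    if fab_security_api_enabled(config_source):
        return "EXPOSED: affected version with FAB_ADD_SECURITY_API enabled; update to 4.1.0"
    return "affected version but FAB_ADD_SECURITY_API disabled; update to 4.1.0 before enabling it"


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("safe", SAFE_CONFIG)):
        print(f"4.0.2 / {label} config -> {assess('4.0.2', cfg)}")
    print(f"4.1.0 / weak config -> {assess('4.1.0', WEAK_CONFIG)}")
```

To use it against a real deployment, read the actual superset_config.py into a string and pass the version reported by the installed package; the verdict is only as good as the config file you hand it, so make sure it is the one the running instance loads (the SUPERSET_CONFIG_PATH environment variable, where set).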

Vulnerability Patches

The fix is included in the release listed below. Follow the instructions on the referenced sites to update to that version or later.

CVE-2024-53949

  • Apache Superset 4.1.0 or later

Referenced Sites

[1] CVE-2024-53949 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-53949

[2] CVE-2024-53949: Apache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled

https://lists.apache.org/thread/d3scbwmfpzbpm6npnzdw5y4owtqqyq8d