CVE-2023-27525

MEDIUM4.3EPSS 0.53%

Apache Superset: Incorrect default permissions for Gamma role

Published: 4/17/2023Modified: 5/20/2025

Description

An authenticated user with Gamma role authorization could have access to metadata information using non trivial methods in Apache Superset up to and including 2.0.1

Affected packages (2)

Bitnami/supersetfrom 0, < 2.0.2
PyPI/apache-supersetfrom 0, <= 2.0.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-27525
PATCHhttps://github.com/apache/superset
WEBhttps://lists.apache.org/thread/wpv7b17zjg2pmvpfkdd6nn8sco8y2q77