CVE-2023-37941

Scores

EPSS

Score: 0.842 (high)

Percentile: 84.2%

CVSS

Score: 6.6 (medium), CVSS 3.x

CVSS Score: 6.6/10

All CVSS Scores

CVSS 3.x
6.6

Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Description

If an attacker gains write access to the Apache Superset metadata database, they could persist a specifically crafted Python object that may lead to remote code execution on Superset’s web backend.

The Superset metadata db is an ‘internal’ component that is typically only accessible directly by the system administrator and the superset process itself. Gaining access to that database should be difficult and require significant privileges.

This vulnerability impacts Apache Superset versions 1.5.0 up to and including 2.1.0. Users are recommended to upgrade to version 2.1.1 or later.


Sources

nvd

CWEs

CWE-502

Related Vulnerabilities

Exploits

Exploit ID: CVE-2023-37941

Source: github-poc

URL: https://github.com/Barroqueiro/CVE-2023-37941

Vulnerable Software (1)

Type: Configuration

Vendor: *

Product: superset

Operating System: * * *

Trait:
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*",      "versionEndIncluding": "2.1.0",      "versionStartIncluding": "1.5.0",      "vulnerable": true    }  ]...

Source: nvd
