QwikSec

Security Database

CVE

CWE

Training

CVE-2024-53949

Published: Dec 9, 2024

Modified: Feb 12, 2025

PUBLISHED

Description

Improper Authorization vulnerability in Apache Superset when FAB_ADD_SECURITY_API is enabled (disabled by default). Allows for lower privilege users to use this API. issue affects Apache Superset: from 2.0.0 before 4.1.0. Users are recommended to upgrade to version 4.1.0, which fixes the issue.

Vendor	Product	Versions
Apache Software Foundation	Apache Superset	affected `2.0.0 - < 4.1.0`

Weaknesses (CWE)

References

https://lists.apache.org/thread/d3scbwmfpzbpm6npnzdw5y4owtqqyq8d

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.