Home > Vulnerability Database > CVE-2024-26016

Mend.io Vulnerability Database

CVE-2024-26016

Good to know:

Date: February 28, 2024

A low privilege authenticated user could import an existing dashboard or chart that they do not have access to and then modify its metadata, thereby gaining ownership of the object. However, it's important to note that access to the analytical data of these charts and dashboards would still be subject to validation based on data access privileges. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.Users are recommended to upgrade to version 3.1.1, which fixes the issue.

Language: Python

Severity Score

4.3

Related Resources (4)

Url: https://lists.apache.org/thread/76v1jjcylgk4p3m0258qr359ook3vl8s

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-26016

Url: http://www.openwall.com/lists/oss-security/2024/02/28/7

Url: https://www.mend.io/vulnerability-database/CVE-2024-26016

Severity Score

4.3

Weakness Type (CWE)

Incorrect Authorization

CWE-863

Top Fix

Upgrade Version

Upgrade to version apache-superset - 3.0.4,3.1.1

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-26016

Good to know:

Date: February 28, 2024

Language: Python

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?