Security Advisory

CVE-2024-53949

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-12-09 13:35:41
Last updated 2025-02-12 09:34:57
Assigner apache
State PUBLISHED

Description

Improper Authorization vulnerability in Apache Superset when FAB_ADD_SECURITY_API is enabled (disabled by default). Allows for lower privilege users to use this API. This issue affects Apache Superset: from 2.0.0 before 4.1.0. Users are recommended to upgrade to version 4.1.0, which fixes the issue.