superset2/docs/docs/security/cves.mdx
Daniel Vaz Gaspar d92f9a73d2 docs: update security policy and add CVE info (#24769)
(cherry picked from commit 165afee55a)
2023-07-26 16:50:57 -03:00


---
title: CVEs by release
hide_title: true
sidebar_position: 2
---
#### Version 2.1.0
| CVE | Title | Affected |
| :------------- | :---------------------------------------------------------------------- | -----------------:|
| CVE-2023-25504 | Possible SSRF on import datasets | <= 2.1.0 |
| CVE-2023-27524 | Session validation vulnerability when using provided default SECRET_KEY | <= 2.1.0 |
| CVE-2023-27525 | Incorrect default permissions for Gamma role | <= 2.1.0 |
| CVE-2023-30776 | Database connection password leak | <= 2.1.0 |
#### Version 2.0.1
| CVE | Title | Affected |
| :------------- | :---------------------------------------------------------- | -----------------:|
| CVE-2022-41703 | SQL injection vulnerability in adhoc clauses | < 2.0.1 or <1.5.2 |
| CVE-2022-43717 | Cross-Site Scripting on dashboards | < 2.0.1 or <1.5.2 |
| CVE-2022-43718 | Cross-Site Scripting vulnerability on upload forms | < 2.0.1 or <1.5.2 |
| CVE-2022-43719 | Cross Site Request Forgery (CSRF) on accept, request access | < 2.0.1 or <1.5.2 |
| CVE-2022-43720 | Improper rendering of user input | < 2.0.1 or <1.5.2 |
| CVE-2022-43721 | Open Redirect Vulnerability | < 2.0.1 or <1.5.2 |
| CVE-2022-45438 | Dashboard metadata information leak | < 2.0.1 or <1.5.2 |