CVE-2024-24773

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Feb 28, 2024

Updated: Dec 31, 2024

CWE ID 863

Summary

CVE-2024-24773 is a vulnerability affecting Apache Superset versions before 3.0.4 and from 3.1.0 to 3.1.1. This issue stems from an improper handling of nested SQL statements within SQLLab. Authenticated users can exploit this flaw to bypass their designated data authorization scope. To mitigate this risk, it is strongly advised to upgrade to the patched version 3.1.1.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Apache Superset

Affected Vendors

Apache Software Foundation
Apache Corporation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uViD_d
https://www.cve.org/CVERecord?id=CVE-2024-24773
https://nvd.nist.gov/vuln/detail/CVE-2024-24773

Back to Vulnerability Database