CVE-2024-24779

CVSS 3.1 Score 5.0 of 10 (medium)

Details

Published Feb 28, 2024
CWE ID 863

Summary

CVE-2024-24779 is a vulnerability in Apache Superset before versions 3.0.4 and 3.1.1. It affects users with custom roles that include "can write on dataset" but without all data access permissions, allowing them to create virtual datasets to access unauthorized data. The recommended remediation is to upgrade to version 3.1.1 or 3.0.4, which fixes the issue. The vulnerability has a base severity of MEDIUM, with a base score of 5.0, and a confidentiality impact of LOW according to the Common Vulnerability Scoring System (CVSS) rating provided by security@apache.org.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-24779 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options