Vulnerabilities > Apache > Superset > 2.0.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-24 | CVE-2023-27524 | Insecure Default Initialization of Resource vulnerability in Apache Superset Session Validation attacks in Apache Superset versions up to and including 2.0.1. | 9.8 |
| 2023-04-24 | CVE-2023-30776 | Unspecified vulnerability in Apache Superset An authenticated user with specific data permissions could access database connections stored passwords by requesting a specific REST API. This issue affects Apache Superset version 1.3.0 up to 2.0.1. | 6.5 |
| 2023-04-17 | CVE-2023-25504 | Server-Side Request Forgery (SSRF) vulnerability in Apache Superset A malicious actor who has been authenticated and granted specific permissions in Apache Superset may use the import dataset feature in order to conduct Server-Side Request Forgery attacks and query internal resources on behalf of the server where Superset is deployed. | 6.5 |
| 2023-04-17 | CVE-2023-27525 | Unspecified vulnerability in Apache Superset An authenticated user with Gamma role authorization could have access to metadata information using non trivial methods in Apache Superset up to and including 2.0.1 | 4.3 |