CVE-2023-36387 Information

Description

An improper default REST API permission for Gamma users in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test database connections.

Reference

https://lists.apache.org/thread/tt6s6hm8nv6s11z8bfsk3r3d9ov0ogw3