CVE-2024-53949 Information

Description

Improper Authorization vulnerability in Apache Superset when FAB_ADD_SECURITY_API is enabled (disabled by default). Allows for lower privilege users to use this API.

 issue affects Apache Superset: from 2.0.0 before 4.1.0.

Users are recommended to upgrade to version 4.1.0 which fixes the issue.

Reference

http://www.openwall.com/lists/oss-security/2024/12/09/4 https://lists.apache.org/thread/d3scbwmfpzbpm6npnzdw5y4owtqqyq8d