{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T07:27:35.015","vulnerabilities":[{"cve":{"id":"CVE-2022-41703","sourceIdentifier":"security@apache.org","published":"2023-01-16T11:15:10.303","lastModified":"2025-04-08T21:15:44.640","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the SQL Alchemy connector of Apache Superset allows an authenticated user with read access to a specific database to add subqueries to the WHERE and HAVING fields referencing tables on the same database that the user should not have access to, despite the user having the feature flag \"ALLOW_ADHOC_SUBQUERY\" disabled (default value).  This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.\n\n\n"},{"lang":"es","value":"Una vulnerabilidad en el conector SQL Alchemy de Apache Superset permite a un usuario autenticado con acceso de lectura a una base de datos específica agregar subconsultas a los campos WHERE y HAVING que hacen referencia a tablas en la misma base de datos a la que el usuario no debería tener acceso, a pesar de que el usuario tiene la indicador de función \"ALLOW_ADHOC_SUBQUERY\" deshabilitado (valor predeterminado). Este problema afecta a Apache Superset versión 1.5.2 y versiones anteriores y a la versión 2.0.0."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*","versionEndIncluding":"1.5.2","matchCriteriaId":"CD514249-ED9E-45F1-9D50-4A7CE6DB166B"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:superset:2.0.0:-:*:*:*:*:*:*","matchCriteriaId":"35CD3C6F-B3E0-437C-A1D7-EF700C76923C"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:superset:2.0.0:rc1:*:*:*:*:*:*","matchCriteriaId":"ADD3485B-3FFC-4B60-89F5-E4ECA0C680B6"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:superset:2.0.0:rc2:*:*:*:*:*:*","matchCriteriaId":"BC060A49-79ED-4539-9E68-EDB15D7F2445"}]}]}],"references":[{"url":"https://lists.apache.org/thread/g7jjw0okxjk5y57pbbxy19ydw42kqcos","source":"security@apache.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.apache.org/thread/g7jjw0okxjk5y57pbbxy19ydw42kqcos","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}}]}