{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T07:28:16.423","vulnerabilities":[{"cve":{"id":"CVE-2023-42501","sourceIdentifier":"security@apache.org","published":"2023-11-27T11:15:07.743","lastModified":"2025-02-13T17:17:08.593","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations.\nThis issue affects Apache Superset: before 2.1.2.\nUsers should upgrade to version or above 2.1.2 and run `superset init` to reconstruct the Gamma role or remove `can_read` permission from the mentioned resources."},{"lang":"es","value":"Los permisos de lectura innecesarios dentro de la función Gamma permitirían a los usuarios autenticados leer plantillas y anotaciones CSS configuradas. Este problema afecta a Apache Superset: antes de 2.1.2. Los usuarios deben actualizar a la versión 2.1.2 o superior y ejecutar `superset init` para reconstruir la función Gamma o eliminar el permiso `can_read` de los recursos mencionados."}],"metrics":{"cvssMetricV31":[{"source":"security@apache.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-276"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*","versionEndExcluding":"2.1.1","matchCriteriaId":"70A1ED21-6FFF-43FF-8F10-B3C97E01A2DA"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2023/11/27/3","source":"security@apache.org","tags":["Mailing List"]},{"url":"https://lists.apache.org/thread/vk1rmrh9kz0chjmc9tk7o3md6zpz4ygh","source":"security@apache.org","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2023/11/27/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"https://lists.apache.org/thread/vk1rmrh9kz0chjmc9tk7o3md6zpz4ygh","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]}]}}]}