Improper Input Validation Vulnerability in Apache Superset Allows for File Reading and Insertion
CVE-2024-34693
Key Information
- Vendor: Apache
- Product: Apache Superset
- CVE Published: 20 June 2024
Summary
CVE-2024-34693 is a high-risk improper input validation vulnerability in Apache Superset. It allows an authenticated attacker to create a MariaDB database connection with local_infile enabled, which in turn makes it possible to run MySQL/MariaDB SQL statements that read files from the server's file system and insert their contents into a MariaDB database table. Affected versions are Apache Superset before 3.1.3 and version 4.0.0; users should upgrade to 3.1.3 or 4.0.1. Successful exploitation can result in data manipulation and data disclosure. The vulnerability is rated high risk, with a CVSS Base Score of 8.1, and affected systems include Linux and Unix operating systems. Exploitation has been reported, so affected installations should be updated promptly, and the severity of the issue underlines the need for regular monitoring and timely patching.
Affected Version(s)
Apache Superset < 3.1.3
Apache Superset < 4.0.1
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that a vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
News Articles
Apache Superset: Update to IT security advisory (risk: high)
An update to the IT security advisory for a known vulnerability in Apache Superset has been published. Read here how affected users should respond.
5 months ago
CVE-2024-34693 – Apache Superset Vulnerability - Rewterz
Apache Superset could allow a remote authenticated attacker to obtain sensitive information, caused by improper input validation.
6 months ago
References
CVSS V3.1
Timeline
- Exploit exists.
- First article discovered by Rewterz.
- Vulnerability published.
- Vulnerability reserved.