Multiple GitLab Products Vulnerabilities
May 9, 2024Threat Actor Claims to Have Launched the Biggest Cyberattack on UAE
May 9, 2024Multiple GitLab Products Vulnerabilities
May 9, 2024Threat Actor Claims to Have Launched the Biggest Cyberattack on UAE
May 9, 2024Severity
Medium
Analysis Summary
CVE-2024-28148
Apache Superset could allow a remote authenticated attacker to obtain sensitive information, caused by improper authorization validation. By sending a specially crafted targeted REST API request, an attacker could exploit this vulnerability to access metadata for a datasource, and use this information to launch further attacks against the affected system.
Impact
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-28148
Affected Vendors
Affected Products
- Apache Superset 3.0.0
Remediation
Upgrade to the latest version of Apache Superset, available from the Apache Website.