July 2, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Multiple GitLab Products Vulnerabilities
May 9, 2024
Threat Actor Claims to Have Launched the Biggest Cyberattack on UAE
May 9, 2024
Multiple GitLab Products Vulnerabilities
May 9, 2024
Threat Actor Claims to Have Launched the Biggest Cyberattack on UAE
May 9, 2024
Severity
Medium
Analysis Summary
CVE-2024-28148
Apache Superset could allow a remote authenticated attacker to obtain sensitive information, caused by improper authorization validation. By sending a specially crafted targeted REST API request, an attacker could exploit this vulnerability to access metadata for a datasource, and use this information to launch further attacks against the affected system.
Impact
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-28148
Affected Vendors
Apache
Affected Products
- Apache Superset 3.0.0
Remediation
Upgrade to the latest version of Apache Superset, available from the Apache Website.