CVE-2023-49734

7.7 HIGH

📋 TL;DR

This vulnerability allows authenticated Gamma users in Apache Superset to gain unauthorized write permissions on charts they create on dashboards. It is a privilege escalation: a Gamma user retains the ability to modify charts they should not have write access to. It affects Apache Superset versions before 2.1.2 and versions 3.0.0 through 3.0.1.

💻 Affected Systems

Products:
  • Apache Superset
Versions: Before 2.1.2, 3.0.0 through 3.0.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated Gamma role user; affects all deployments with vulnerable versions regardless of configuration.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Gamma users could modify or delete critical business intelligence charts, potentially altering data visualizations that inform business decisions or injecting malicious content.

🟠

Likely Case

Gamma users unintentionally or intentionally modify charts they created but shouldn't have ongoing write access to, causing data integrity issues.

🟢

If Mitigated

With proper access controls and monitoring, impact is limited to minor data visualization inconsistencies that can be audited and corrected.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated Gamma user access; the vulnerability is inherent to the permission logic.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.1.3 or 3.0.2

Vendor Advisory: https://lists.apache.org/thread/985h6ltvtbvdoysso780kkj7x744cds5

Restart Required: Yes

Instructions:

1. Back up your Superset instance.
2. Upgrade to Apache Superset 2.1.3 or 3.0.2 using pip: 'pip install apache-superset==3.0.2'.
3. Run database migrations: 'superset db upgrade'.
4. Restart the Superset service.

🔧 Temporary Workarounds

Restrict Gamma User Dashboard Creation

Applies to: all affected versions

Temporarily remove dashboard creation permissions from Gamma role users.

Steps:

1. Run 'superset init' to sync the built-in role definitions.
2. Edit roles in the Superset UI to remove 'can_write on Dashboard' from the Gamma role.

Note that 'superset init' resets the built-in roles (including Gamma) to their defaults, so make the role edit after running it and re-apply the edit after any later 'superset init'.

🧯 If You Can't Patch

  • Implement strict access controls to limit Gamma users' dashboard creation capabilities
  • Enable detailed audit logging for all chart modification activities and monitor for unauthorized changes

🔍 How to Verify

Check if Vulnerable:

Check the Superset version: if it is earlier than 2.1.2, or is 3.0.0 or 3.0.1, the system is vulnerable.

Check Version:

superset version

Verify Fix Applied:

After the upgrade, verify that the version is 2.1.3 or 3.0.2 (or later), then confirm with a test Gamma user that charts they create on a dashboard do not retain write permissions for that user.
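The version check above, as an added example that is not part of the original advisory or of Superset itself: a small Python helper that parses the version string (from the output of 'superset version' or from the installed package metadata) and compares it against the two affected ranges the advisory lists. The package name 'apache-superset' is the PyPI distribution name; the sample version strings are constructed.

```python
"""Added example: classify an Apache Superset version against the ranges
named in this advisory (before 2.1.2, or 3.0.0 through 3.0.1).

This is illustrative code, not Superset's own; it only assumes that the
version string contains a dotted major.minor.patch triple somewhere."""
from __future__ import annotations

import re
from importlib import metadata
from typing import Optional

# Version ranges from the advisory: [lower inclusive, upper exclusive).
# (0, 0, 0) <= v < (2, 1, 2) and (3, 0, 0) <= v < (3, 0, 2).
AFFECTED_RANGES = [
    ((0, 0, 0), (2, 1, 2)),
    ((3, 0, 0), (3, 0, 2)),
]

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> tuple[int, int, int]:
    """Extract major.minor.patch from free-form text.

    Works on raw package versions ("3.0.1") and on the banner that
    'superset version' prints ("Superset 3.0.1" between dashed lines).
    Pre-release suffixes (e.g. "3.0.0rc1") are ignored for the comparison.
    """
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no version triple found in {text!r}")
    major, minor, patch = (int(part) for part in match.groups())
    return (major, minor, patch)


def is_affected(version_text: str) -> bool:
    """True if the version falls inside one of the advisory's ranges."""
    version = parse_version(version_text)
    return any(low <= version < high for low, high in AFFECTED_RANGES)


def installed_superset_version() -> Optional[str]:
    """Read the installed 'apache-superset' version, or None if absent."""
    try:
        return metadata.version("apache-superset")
    except metadata.PackageNotFoundError:
        return None


def assess(version_text: str) -> str:
    """Human-readable verdict for a version string."""
    version = parse_version(version_text)
    label = ".".join(str(part) for part in version)
    if is_affected(version_text):
        return f"{label}: affected by CVE-2023-49734, upgrade to 2.1.3 or 3.0.2"
    return f"{label}: not in the affected ranges"


if __name__ == "__main__":
    # Constructed sample inputs; the last entry mimics the CLI banner.
    samples = ["2.0.1", "2.1.2", "3.0.0", "3.0.1", "3.0.2", "Superset 3.0.1"]
    for sample in samples:
        print(assess(sample))

    installed = installed_superset_version()
    if installed is not None:
        print("installed:", assess(installed))
```

Run it on the host where Superset is installed, or paste the 'superset version' output into assess(); pre-release tags are stripped before comparison, so a 3.0.2 release candidate is reported as not affected even though only the final 3.0.2 carries the fix.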

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized chart modification events by Gamma users
  • Dashboard permission changes for Gamma role

Network Indicators:

  • API calls to modify charts from Gamma-privileged accounts

SIEM Query:

source="superset" action="save" user.role="Gamma" chart_id=*
