Affected versions:

- Apache Superset 2.0.0 before 4.1.0

Description:

Improper Authorization vulnerability in Apache Superset when
FAB_ADD_SECURITY_API is enabled (it is disabled by default). It allows
lower-privilege users to use this API.

This issue affects Apache Superset: from 2.0.0 before 4.1.0.

Users are recommended to upgrade to version 4.1.0, which fixes the issue.
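
A quick way to triage a deployment against the two conditions above (version in range and the flag enabled). This is an added example, not code from the Superset project; it assumes the setting lives as a top-level assignment in a Python config file such as superset_config.py, and the function names and sample configs are constructed for illustration.

```python
import ast
import re

FLAG = "FAB_ADD_SECURITY_API"
AFFECTED_FROM = (2, 0, 0, 1)  # 2.0.0 final, per the advisory
FIXED_IN = (4, 1, 0, 1)       # 4.1.0 final, per the advisory

def version_key(text):
    """'4.0.2' -> (4, 0, 2, 1); a pre-release such as '4.1.0rc1' sorts before its final."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)(.*)$", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    pre = re.match(r"(a|b|rc|\.?dev)", m.group(4)) is not None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)), 0 if pre else 1)

def in_affected_range(text):
    return AFFECTED_FROM <= version_key(text) < FIXED_IN

def flag_setting(config_source):
    """True/False from the last literal top-level assignment; False when unset
    (the advisory's default); None when set from a non-literal expression."""
    result = False
    for node in ast.parse(config_source).body:
        targets = node.targets if isinstance(node, ast.Assign) else (
            [node.target] if isinstance(node, ast.AnnAssign) and node.value else [])
        if any(isinstance(t, ast.Name) and t.id == FLAG for t in targets):
            try:
                result = bool(ast.literal_eval(node.value))
            except (ValueError, TypeError):
                result = None
    return result

def assess(version, config_source):
    if not in_affected_range(version):
        return "not-affected"
    flag = flag_setting(config_source)
    if flag is None:
        return "review-config"   # value computed at runtime, check by hand
    return "exposed" if flag else "affected-flag-off"

# Constructed sample configs, not taken from any real deployment.
SAMPLE_ON = 'SECRET_KEY = "x"\nFAB_ADD_SECURITY_API = True\n'
SAMPLE_ENV = 'import os\nFAB_ADD_SECURITY_API = os.environ.get("SEC_API") == "1"\n'

if __name__ == "__main__":
    for ver, cfg in [("4.0.2", SAMPLE_ON), ("4.0.2", SAMPLE_ENV), ("4.1.0", SAMPLE_ON)]:
        print(ver, assess(ver, cfg))
```

A "review-config" result means the flag is derived from the environment or other code and has to be checked on the running instance.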

Credit:

Jonathan Zimmerman (reporter)
Hugh Miles (remediation developer)

References:

https://superset.apache.org
https://www.cve.org/CVERecord?id=CVE-2024-53949
