CVE-2022-41703 - Vulnerability Details - OpenCVE

A vulnerability in the SQL Alchemy connector of Apache Superset allows an authenticated user with read access to a specific database to add subqueries to the WHERE and HAVING fields referencing tables on the same database that the user should not have access to, despite the user having the feature flag "ALLOW_ADHOC_SUBQUERY" disabled (default value). This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Superset

Configuration 1 [-]

OR	cpe:2.3:a:apache:superset::::::::
	cpe:2.3:a:apache:superset:2.0.0:-::::::
	cpe:2.3:a:apache:superset:2.0.0:rc1::::::
	cpe:2.3:a:apache:superset:2.0.0:rc2::::::

No data.

References

Link	Providers
https://lists.apache.org/thread/g7jjw0okxjk5y57pbbxy19ydw42kqcos

History

No history.

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2023-01-16T10:14:01.332Z

Updated: 2024-08-03T12:49:43.809Z

Reserved: 2022-09-28T15:13:03.943Z

Link: CVE-2022-41703

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-01-16T11:15:10.303

Modified: 2024-11-21T07:23:41.103

Link: CVE-2022-41703

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-41703", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2022-09-28T15:13:03.943Z", "datePublished": "2023-01-16T10:14:01.332Z", "dateUpdated": "2024-08-03T12:49:43.809Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache Superset", "vendor": "Apache Software Foundation", "versions": [{"lessThan": "2.0.1", "status": "affected", "version": "2.0.0", "versionType": "semver"}, {"lessThanOrEqual": "1.5.2", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Mingyu Son"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A vulnerability in the SQL Alchemy connector of Apache Superset allows an authenticated user with read access to a specific database to add subqueries to the WHERE and HAVING fields referencing tables on the same database that the user should not have access to, despite the user having the feature flag \"ALLOW_ADHOC_SUBQUERY\" disabled (default value). <span style=\"background-color: rgb(255, 255, 255);\">This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.\n</span><br><br>"}], "value": "A vulnerability in the SQL Alchemy connector of Apache Superset allows an authenticated user with read access to a specific database to add subqueries to the WHERE and HAVING fields referencing tables on the same database that the user should not have access to, despite the user having the feature flag \"ALLOW_ADHOC_SUBQUERY\" disabled (default value). This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.\n\n\n"}], "metrics": [{"other": {"content": {"text": "critical"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"description": "SQL injection in certain query object fields", "lang": "en"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-04-11T14:58:51.125Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/g7jjw0okxjk5y57pbbxy19ydw42kqcos"}], "source": {"discovery": "UNKNOWN"}, "title": "Apache Superset: SQL injection vulnerability in adhoc clauses", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:49:43.809Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.apache.org/thread/g7jjw0okxjk5y57pbbxy19ydw42kqcos"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*", "matchCriteriaId": "CD514249-ED9E-45F1-9D50-4A7CE6DB166B", "versionEndIncluding": "1.5.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:superset:2.0.0:-:*:*:*:*:*:*", "matchCriteriaId": "35CD3C6F-B3E0-437C-A1D7-EF700C76923C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:superset:2.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "ADD3485B-3FFC-4B60-89F5-E4ECA0C680B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:superset:2.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "BC060A49-79ED-4539-9E68-EDB15D7F2445", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the SQL Alchemy connector of Apache Superset allows an authenticated user with read access to a specific database to add subqueries to the WHERE and HAVING fields referencing tables on the same database that the user should not have access to, despite the user having the feature flag \"ALLOW_ADHOC_SUBQUERY\" disabled (default value). This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.\n\n\n"}, {"lang": "es", "value": "Una vulnerabilidad en el conector SQL Alchemy de Apache Superset permite a un usuario autenticado con acceso de lectura a una base de datos espec\u00edfica agregar subconsultas a los campos WHERE y HAVING que hacen referencia a tablas en la misma base de datos a la que el usuario no deber\u00eda tener acceso, a pesar de que el usuario tiene la indicador de funci\u00f3n \"ALLOW_ADHOC_SUBQUERY\" deshabilitado (valor predeterminado). Este problema afecta a Apache Superset versi\u00f3n 1.5.2 y versiones anteriores y a la versi\u00f3n 2.0.0."}], "id": "CVE-2022-41703", "lastModified": "2024-11-21T07:23:41.103", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-16T11:15:10.303", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.apache.org/thread/g7jjw0okxjk5y57pbbxy19ydw42kqcos"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.apache.org/thread/g7jjw0okxjk5y57pbbxy19ydw42kqcos"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}