CVE-2023-42504

Description

An authenticated malicious user could initiate multiple concurrent requests, each requesting multiple dashboard exports, leading to a possible denial of service. This issue affects Apache Superset: before 3.0.0

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

None

Availability

High

Affected products

Apache Software Foundation / Apache Superset0 – 3.0.0

References

MAILING_LISThttps://lists.apache.org/thread/yzq5gk1y9lyw6nxwd3xdkxg1djqw1h6l
MAILING_LISThttp://www.openwall.com/lists/oss-security/2023/11/28/6