Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2022-41703

A vulnerability in the SQL Alchemy connector of Apache Superset allows an authenticated user with read access to a specific database to add subqueries to the WHERE and HAVING fields referencing tables on the same database that the user should not have access to, despite the user having the feature flag "ALLOW_ADHOC_SUBQUERY" disabled (default value). This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 35.9%
CVSS Severity
CVSS v3 Score 5.4
Products affected by CVE-2022-41703
  • Apache » Superset » Version: N/A
    cpe:2.3:a:apache:superset:-
  • Apache » Superset » Version: 0.10.0
    cpe:2.3:a:apache:superset:0.10.0
  • Apache » Superset » Version: 0.11.0
    cpe:2.3:a:apache:superset:0.11.0
  • Apache » Superset » Version: 0.12.0
    cpe:2.3:a:apache:superset:0.12.0
  • Apache » Superset » Version: 0.13.0
    cpe:2.3:a:apache:superset:0.13.0
  • Apache » Superset » Version: 0.13.1
    cpe:2.3:a:apache:superset:0.13.1
  • Apache » Superset » Version: 0.13.2
    cpe:2.3:a:apache:superset:0.13.2
  • Apache » Superset » Version: 0.14.0
    cpe:2.3:a:apache:superset:0.14.0
  • Apache » Superset » Version: 0.14.1
    cpe:2.3:a:apache:superset:0.14.1
  • Apache » Superset » Version: 0.15.0
    cpe:2.3:a:apache:superset:0.15.0
  • Apache » Superset » Version: 0.15.1
    cpe:2.3:a:apache:superset:0.15.1
  • Apache » Superset » Version: 0.15.2
    cpe:2.3:a:apache:superset:0.15.2
  • Apache » Superset » Version: 0.15.3
    cpe:2.3:a:apache:superset:0.15.3
  • Apache » Superset » Version: 0.15.4
    cpe:2.3:a:apache:superset:0.15.4
  • Apache » Superset » Version: 0.15.4.1
    cpe:2.3:a:apache:superset:0.15.4.1
  • Apache » Superset » Version: 0.16.0
    cpe:2.3:a:apache:superset:0.16.0
  • Apache » Superset » Version: 0.16.1
    cpe:2.3:a:apache:superset:0.16.1
  • Apache » Superset » Version: 0.17.0
    cpe:2.3:a:apache:superset:0.17.0
  • Apache » Superset » Version: 0.17.1
    cpe:2.3:a:apache:superset:0.17.1
  • Apache » Superset » Version: 0.17.2
    cpe:2.3:a:apache:superset:0.17.2
  • Apache » Superset » Version: 0.17.3
    cpe:2.3:a:apache:superset:0.17.3
  • Apache » Superset » Version: 0.17.4
    cpe:2.3:a:apache:superset:0.17.4
  • Apache » Superset » Version: 0.17.5
    cpe:2.3:a:apache:superset:0.17.5
  • Apache » Superset » Version: 0.17.6
    cpe:2.3:a:apache:superset:0.17.6
  • Apache » Superset » Version: 0.18.0
    cpe:2.3:a:apache:superset:0.18.0
  • Apache » Superset » Version: 0.18.2
    cpe:2.3:a:apache:superset:0.18.2
  • Apache » Superset » Version: 0.18.3
    cpe:2.3:a:apache:superset:0.18.3
  • Apache » Superset » Version: 0.18.4
    cpe:2.3:a:apache:superset:0.18.4
  • Apache » Superset » Version: 0.18.5
    cpe:2.3:a:apache:superset:0.18.5
  • Apache » Superset » Version: 0.19.0
    cpe:2.3:a:apache:superset:0.19.0
  • Apache » Superset » Version: 0.19.1
    cpe:2.3:a:apache:superset:0.19.1
  • Apache » Superset » Version: 0.2.0
    cpe:2.3:a:apache:superset:0.2.0
  • Apache » Superset » Version: 0.2.1
    cpe:2.3:a:apache:superset:0.2.1
  • Apache » Superset » Version: 0.20.0
    cpe:2.3:a:apache:superset:0.20.0
  • Apache » Superset » Version: 0.20.1
    cpe:2.3:a:apache:superset:0.20.1
  • Apache » Superset » Version: 0.20.2
    cpe:2.3:a:apache:superset:0.20.2
  • Apache » Superset » Version: 0.20.3
    cpe:2.3:a:apache:superset:0.20.3
  • Apache » Superset » Version: 0.20.4
    cpe:2.3:a:apache:superset:0.20.4
  • Apache » Superset » Version: 0.20.5
    cpe:2.3:a:apache:superset:0.20.5
  • Apache » Superset » Version: 0.20.6
    cpe:2.3:a:apache:superset:0.20.6
  • Apache » Superset » Version: 0.21.0
    cpe:2.3:a:apache:superset:0.21.0
  • Apache » Superset » Version: 0.21.1
    cpe:2.3:a:apache:superset:0.21.1
  • Apache » Superset » Version: 0.21.2
    cpe:2.3:a:apache:superset:0.21.2
  • Apache » Superset » Version: 0.22.0
    cpe:2.3:a:apache:superset:0.22.0
  • Apache » Superset » Version: 0.22.1
    cpe:2.3:a:apache:superset:0.22.1
  • Apache » Superset » Version: 0.23.0
    cpe:2.3:a:apache:superset:0.23.0
  • Apache » Superset » Version: 0.23.1
    cpe:2.3:a:apache:superset:0.23.1
  • Apache » Superset » Version: 0.23.2
    cpe:2.3:a:apache:superset:0.23.2
  • Apache » Superset » Version: 0.23.3
    cpe:2.3:a:apache:superset:0.23.3
  • Apache » Superset » Version: 0.24.0
    cpe:2.3:a:apache:superset:0.24.0
  • Apache » Superset » Version: 0.25.0
    cpe:2.3:a:apache:superset:0.25.0
  • Apache » Superset » Version: 0.25.1
    cpe:2.3:a:apache:superset:0.25.1
  • Apache » Superset » Version: 0.25.2
    cpe:2.3:a:apache:superset:0.25.2
  • Apache » Superset » Version: 0.25.3
    cpe:2.3:a:apache:superset:0.25.3
  • Apache » Superset » Version: 0.25.4
    cpe:2.3:a:apache:superset:0.25.4
  • Apache » Superset » Version: 0.25.5
    cpe:2.3:a:apache:superset:0.25.5
  • Apache » Superset » Version: 0.25.6
    cpe:2.3:a:apache:superset:0.25.6
  • Apache » Superset » Version: 0.26.0
    cpe:2.3:a:apache:superset:0.26.0
  • Apache » Superset » Version: 0.26.1
    cpe:2.3:a:apache:superset:0.26.1
  • Apache » Superset » Version: 0.26.2
    cpe:2.3:a:apache:superset:0.26.2
  • Apache » Superset » Version: 0.26.3
    cpe:2.3:a:apache:superset:0.26.3
  • Apache » Superset » Version: 0.27.0
    cpe:2.3:a:apache:superset:0.27.0
  • Apache » Superset » Version: 0.28.0
    cpe:2.3:a:apache:superset:0.28.0
  • Apache » Superset » Version: 0.28.1
    cpe:2.3:a:apache:superset:0.28.1
  • Apache » Superset » Version: 0.29.0
    cpe:2.3:a:apache:superset:0.29.0
  • Apache » Superset » Version: 0.31
    cpe:2.3:a:apache:superset:0.31
  • Apache » Superset » Version: 0.31.0
    cpe:2.3:a:apache:superset:0.31.0
  • Apache » Superset » Version: 0.32
    cpe:2.3:a:apache:superset:0.32
  • Apache » Superset » Version: 0.32.0
    cpe:2.3:a:apache:superset:0.32.0
  • Apache » Superset » Version: 0.33.0
    cpe:2.3:a:apache:superset:0.33.0
  • Apache » Superset » Version: 0.34.0
    cpe:2.3:a:apache:superset:0.34.0
  • Apache » Superset » Version: 0.34.1
    cpe:2.3:a:apache:superset:0.34.1
  • Apache » Superset » Version: 0.35.0
    cpe:2.3:a:apache:superset:0.35.0
  • Apache » Superset » Version: 0.35.1
    cpe:2.3:a:apache:superset:0.35.1
  • Apache » Superset » Version: 0.35.2
    cpe:2.3:a:apache:superset:0.35.2
  • Apache » Superset » Version: 0.36.0
    cpe:2.3:a:apache:superset:0.36.0
  • Apache » Superset » Version: 0.37.0
    cpe:2.3:a:apache:superset:0.37.0
  • Apache » Superset » Version: 0.37.1
    cpe:2.3:a:apache:superset:0.37.1
  • Apache » Superset » Version: 0.37.2
    cpe:2.3:a:apache:superset:0.37.2
  • Apache » Superset » Version: 0.38.0
    cpe:2.3:a:apache:superset:0.38.0
  • Apache » Superset » Version: 0.38.1
    cpe:2.3:a:apache:superset:0.38.1
  • Apache » Superset » Version: 0.4.0
    cpe:2.3:a:apache:superset:0.4.0
  • Apache » Superset » Version: 0.5.0
    cpe:2.3:a:apache:superset:0.5.0
  • Apache » Superset » Version: 0.5.1
    cpe:2.3:a:apache:superset:0.5.1
  • Apache » Superset » Version: 0.5.2
    cpe:2.3:a:apache:superset:0.5.2
  • Apache » Superset » Version: 0.5.3
    cpe:2.3:a:apache:superset:0.5.3
  • Apache » Superset » Version: 0.6.0
    cpe:2.3:a:apache:superset:0.6.0
  • Apache » Superset » Version: 0.6.1
    cpe:2.3:a:apache:superset:0.6.1
  • Apache » Superset » Version: 0.7.0
    cpe:2.3:a:apache:superset:0.7.0
  • Apache » Superset » Version: 0.8.0
    cpe:2.3:a:apache:superset:0.8.0
  • Apache » Superset » Version: 0.8.1
    cpe:2.3:a:apache:superset:0.8.1
  • Apache » Superset » Version: 0.8.2
    cpe:2.3:a:apache:superset:0.8.2
  • Apache » Superset » Version: 0.8.3
    cpe:2.3:a:apache:superset:0.8.3
  • Apache » Superset » Version: 0.8.4
    cpe:2.3:a:apache:superset:0.8.4
  • Apache » Superset » Version: 0.8.5
    cpe:2.3:a:apache:superset:0.8.5
  • Apache » Superset » Version: 0.8.6
    cpe:2.3:a:apache:superset:0.8.6
  • Apache » Superset » Version: 0.8.7
    cpe:2.3:a:apache:superset:0.8.7
  • Apache » Superset » Version: 0.8.8
    cpe:2.3:a:apache:superset:0.8.8
  • Apache » Superset » Version: 0.8.9
    cpe:2.3:a:apache:superset:0.8.9
  • Apache » Superset » Version: 0.9.0
    cpe:2.3:a:apache:superset:0.9.0
  • Apache » Superset » Version: 0.9.1
    cpe:2.3:a:apache:superset:0.9.1
  • Apache » Superset » Version: 1.0.0
    cpe:2.3:a:apache:superset:1.0.0
  • Apache » Superset » Version: 1.0.1
    cpe:2.3:a:apache:superset:1.0.1
  • Apache » Superset » Version: 1.1.0
    cpe:2.3:a:apache:superset:1.1.0
  • Apache » Superset » Version: 1.2.0
    cpe:2.3:a:apache:superset:1.2.0
  • Apache » Superset » Version: 1.3.0
    cpe:2.3:a:apache:superset:1.3.0
  • Apache » Superset » Version: 1.3.1
    cpe:2.3:a:apache:superset:1.3.1
  • Apache » Superset » Version: 1.3.2
    cpe:2.3:a:apache:superset:1.3.2
  • Apache » Superset » Version: 1.4.0
    cpe:2.3:a:apache:superset:1.4.0
  • Apache » Superset » Version: 1.4.1
    cpe:2.3:a:apache:superset:1.4.1
  • Apache » Superset » Version: 1.4.2
    cpe:2.3:a:apache:superset:1.4.2
  • Apache » Superset » Version: 1.5.0
    cpe:2.3:a:apache:superset:1.5.0
  • Apache » Superset » Version: 1.5.1
    cpe:2.3:a:apache:superset:1.5.1
  • Apache » Superset » Version: 2.0.0
    cpe:2.3:a:apache:superset:2.0.0


Products
Pricing
Contact Us

Shodan ® - All rights reserved