======================================================================

                                CERT-Renater

                    Note d'Information No. 2024/VULN291
_____________________________________________________________________

DATE                : 24/06/2024

HARDWARE PLATFORM(S): /
     OPERATING SYSTEM(S): Systems running Apache Superset versions
                                  prior to 4.0.1, 3.1.3.

=====================================================================
https://lists.apache.org/thread/6zhq3hhkfsj4753mvczjgg8dmnc4zqcr
_____________________________________________________________________

CVE-2024-34693: Apache Superset: Server arbitrary file read
Affected versions:

- Apache Superset before 3.1.3
- Apache Superset 4.0.0 before 4.0.1

Description:

Improper Input Validation vulnerability in Apache Superset, allows
for an authenticated attacker to create a MariaDB connection with
local_infile enabled. If both the MariaDB server (off by default)
and the local mysql client on the web server are set to allow for
local infile, it's possible for the attacker to execute a specific
MySQL/MariaDB SQL command that is able to read files from the
server and insert their content on a MariaDB database table.This
issue affects Apache Superset: before 3.1.3 and version 4.0.0

Users are recommended to upgrade to version 4.0.1 or 3.1.3, which
fixes the issue.


Credit:

Matei "Mal" Badanoiu (finder)
Daniel Vaz Gaspar (remediation developer)


References:

https://superset.apache.org
https://www.cve.org/CVERecord?id=CVE-2024-34693


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================