June 21, 2024
Severity
Medium
Analysis Summary
CVE-2024-34693
Apache Superset could allow a remote authenticated attacker to obtain sensitive information, caused by improper input validation. By sending a specially crafted targeted request, an attacker could exploit this vulnerability to create a MariaDB connection with local_infile enabled and execute a specific MySQL/MariaDB SQL command that reads files from the server and inserts their content into a MariaDB database table.
Impact
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-34693
Affected Vendors
Affected Products
- Apache Superset 3.0.0
- Apache Superset 4.0.0
Remediation
Upgrade to the latest version of Superset, available from the Apache Website.
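Alongside the upgrade, existing database connections can be reviewed for the local_infile setting described in the Analysis Summary. The following is an added example, not code from Apache Superset or from this advisory: it assumes connection definitions have been exported as (name, SQLAlchemy URI, extra JSON) rows, and the sample rows and function names are constructed for illustration.

```python
import json
from urllib.parse import urlsplit, parse_qsl

# Driver options that turn on client-side LOAD DATA LOCAL INFILE:
# local_infile (mysqlclient, PyMySQL), allow_local_infile (mysql-connector-python).
RISKY_KEYS = {"local_infile", "allow_local_infile"}
MYSQL_SCHEMES = ("mysql", "mariadb")
FALSY = {"", "0", "false", "no", "off"}

def _enabled(value):
    return str(value).strip().lower() not in FALSY

def audit_connection(uri, extra_json="{}"):
    """Return a list of findings for one database connection definition."""
    parts = urlsplit(uri)
    if not parts.scheme.lower().startswith(MYSQL_SCHEMES):
        return []  # only MySQL/MariaDB dialects are in scope
    findings = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in RISKY_KEYS and _enabled(value):
            findings.append(f"uri query: {key}={value}")
    try:
        extra = json.loads(extra_json or "{}")
    except json.JSONDecodeError:
        return findings + ["extra: not valid JSON, review manually"]
    extra = extra if isinstance(extra, dict) else {}
    # Assumed layout: driver arguments under engine_params.connect_args
    connect_args = (extra.get("engine_params") or {}).get("connect_args") or {}
    for key, value in connect_args.items():
        if key.lower() in RISKY_KEYS and _enabled(value):
            findings.append(f"connect_args: {key}={value}")
    return findings

# Constructed sample rows: (name, SQLAlchemy URI, extra JSON)
SAMPLE = [
    ("sales", "mysql+pymysql://u:p@db.example/sales?charset=utf8mb4", "{}"),
    ("etl", "mysql://u:p@db.example/etl?local_infile=1", "{}"),
    ("ops", "mariadb+mysqlconnector://u:p@db.example/ops",
     '{"engine_params": {"connect_args": {"allow_local_infile": true}}}'),
    ("pg", "postgresql://u:p@db.example/app?local_infile=1", "{}"),
]

def audit_all(rows):
    """Map connection name -> findings, keeping only flagged connections."""
    return {name: f for name, uri, extra in rows if (f := audit_connection(uri, extra))}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE).items():
        print(name, findings)
```

Any connection the audit flags should be checked against who created it and whether file loading from the client side is actually required.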