Version 2.1.1

| CVE | Title | Affected |
| --- | --- | --- |
| CVE-2023-36387 | Improper API permission for low privilege users | < 2.1.1 |
| CVE-2023-36388 | Improper API permission for low privilege users allows for SSRF | < 2.1.1 |
| CVE-2023-27523 | Improper data permission validation on Jinja templated queries | < 2.1.1 |
| CVE-2023-27526 | Improper Authorization check on import charts | < 2.1.1 |
| CVE-2023-39264 | Stack traces enabled by default | < 2.1.1 |
| CVE-2023-39265 | Possible Unauthorized Registration of SQLite Database Connections | < 2.1.1 |
| CVE-2023-37941 | Metadata db write access can lead to remote code execution | < 2.1.1 |
| CVE-2023-32672 | SQL parser edge case bypasses data access authorization | < 2.1.1 |

Version 2.1.0

| CVE | Title | Affected |
| --- | --- | --- |
| CVE-2023-25504 | Possible SSRF on import datasets | < 2.1.0 |
| CVE-2023-27524 | Session validation vulnerability when using provided default SECRET_KEY | < 2.1.0 |
| CVE-2023-27525 | Incorrect default permissions for Gamma role | < 2.1.0 |
| CVE-2023-30776 | Database connection password leak | < 2.1.0 |

Version 2.0.1

| CVE | Title | Affected |
| --- | --- | --- |
| CVE-2022-41703 | SQL injection vulnerability in adhoc clauses | < 2.0.1 or < 1.5.2 |
| CVE-2022-43717 | Cross-Site Scripting on dashboards | < 2.0.1 or < 1.5.2 |
| CVE-2022-43718 | Cross-Site Scripting vulnerability on upload forms | < 2.0.1 or < 1.5.2 |
| CVE-2022-43719 | Cross Site Request Forgery (CSRF) on accept, request access | < 2.0.1 or < 1.5.2 |
| CVE-2022-43720 | Improper rendering of user input | < 2.0.1 or < 1.5.2 |
| CVE-2022-43721 | Open Redirect Vulnerability | < 2.0.1 or < 1.5.2 |
| CVE-2022-45438 | Dashboard metadata information leak | < 2.0.1 or < 1.5.2 |