This page collects WhisperX intelligence signals tagged #improper-authorization. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A critical improper authorization vulnerability has been identified in Apache Superset, the open-source data visualization platform. The flaw, which resides in the framework's FAB_ADD_SECURITY_API functionality, permits users with lower privilege levels to interact with administrative role-creation endpoints that shoul...
A critical improper authorization vulnerability has been identified in Apache Superset when the FAB_ADD_SECURITY_API configuration is enabled, allowing lower-privilege users to create roles through the API. The security flaw, tracked as a significant access control failure, affects versions from 2.0.0 up to but not inc...
A critical improper authorization vulnerability in Apache Superset enabled lower-privilege users to create roles when the FAB_ADD_SECURITY_API feature flag was activated. The flaw, documented in the project's security advisories, allowed authenticated users with restricted permissions to bypass intended access controls...