docs: add CVEs for 2.1.1 (#25206)

2023-09-06 15:39:14 +01:00 · 2023-09-06 15:39:14 +01:00 · 251ce2ed2a
parent 78b8e9421e
commit 251ce2ed2a
1 changed files with 22 additions and 8 deletions
--- a/docs/docs/security/cves.mdx
+++ b/docs/docs/security/cves.mdx
@ -4,20 +4,34 @@ hide_title: true
 sidebar_position: 2
 ---

+#### Version 2.1.1
+
+| CVE            | Title                                                                   | Affected |
+|:---------------|:------------------------------------------------------------------------|---------:|
+| CVE-2023-36387 | Improper API permission for low privilege users                         |  < 2.1.1 |
+| CVE-2023-36388 | Improper API permission for low privilege users allows for SSRF         |  < 2.1.1 |
+| CVE-2023-27523 | Improper data permission validation on Jinja templated queries          |  < 2.1.1 |
+| CVE-2023-27526 | Improper Authorization check on import charts                           |  < 2.1.1 |
+| CVE-2023-39264 | Stack traces enabled by default                                         |  < 2.1.1 |
+| CVE-2023-39265 | Possible Unauthorized Registration of SQLite Database Connections       |  < 2.1.1 |
+| CVE-2023-37941 | Metadata db write access can lead to remote code execution              |  < 2.1.1 |
+| CVE-2023-32672 | SQL parser edge case bypasses data access authorization                 |  < 2.1.1 |
+
+
 #### Version 2.1.0

-| CVE            | Title                                                                   | Affected          |
-| :------------- | :---------------------------------------------------------------------- | -----------------:|
-| CVE-2023-25504 | Possible SSRF on import datasets                                        | <= 2.1.0          |
-| CVE-2023-27524 | Session validation vulnerability when using provided default SECRET_KEY | <= 2.1.0          |
-| CVE-2023-27525 | Incorrect default permissions for Gamma role                            | <= 2.1.0          |
-| CVE-2023-30776 | Database connection password leak                                       | <= 2.1.0          |
+| CVE            | Title                                                                   | Affected |
+|:---------------|:------------------------------------------------------------------------|---------:|
+| CVE-2023-25504 | Possible SSRF on import datasets                                        |  < 2.1.0 |
+| CVE-2023-27524 | Session validation vulnerability when using provided default SECRET_KEY |  < 2.1.0 |
+| CVE-2023-27525 | Incorrect default permissions for Gamma role                            |  < 2.1.0 |
+| CVE-2023-30776 | Database connection password leak                                       |  < 2.1.0 |


 #### Version 2.0.1

-| CVE            | Title                                                       | Affected          |
-| :------------- | :---------------------------------------------------------- | -----------------:|
+| CVE            | Title                                                       |          Affected |
+|:---------------|:------------------------------------------------------------|------------------:|
 | CVE-2022-41703 | SQL injection vulnerability in adhoc clauses                | < 2.0.1 or <1.5.2 |
 | CVE-2022-43717 | Cross-Site Scripting on dashboards                          | < 2.0.1 or <1.5.2 |
 | CVE-2022-43718 | Cross-Site Scripting vulnerability on upload forms          | < 2.0.1 or <1.5.2 |