
Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
CVE-2024-23952 is a duplicate of CVE-2023-46104, created to correct version ranges for affected Apache Superset installations. The vulnerability affects Apache Superset versions before 2.1.3 and versions from 3.0.0 up to, but not including, 3.0.2. The issue was discovered by Dor Konis from GE Vernova (OSS Security).
The vulnerability is classified as Uncontrolled Resource Consumption (CWE-400). It has a CVSS v3.1 base score of 6.5 (Medium), with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The issue can be triggered by an authenticated attacker who uploads a malicious ZIP file when importing databases, dashboards, or datasets (NVD).
When exploited, this vulnerability can lead to uncontrolled resource consumption in the Apache Superset system, potentially affecting system availability. The attack requires authentication but can be executed without user interaction (NVD).
Users should upgrade to Apache Superset version 2.1.3 or later for the 2.x series, or version 3.0.2 or later for the 3.x series, to address this vulnerability (OSS Security).
Security researchers have noted that this CVE was potentially misused as it is a duplicate of CVE-2023-46104, with the only change being a correction in the affected version ranges from 'before 3.0.1' to 'before 3.0.2' (OSS Security).
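To check an inventory against the ranges above, the following added example (not from the advisory or the Superset project) evaluates version strings against the corrected range and lists hosts that the originally published 'before 3.0.1' bound would have missed. The host names and inventory are constructed, and treating any suffixed version (rc, post) as a pre-release is an assumption.

```python
import re

# Versions are (major, minor, patch, is_release). is_release is 0 when the
# string carries any suffix (rc1, .post1, ...), so it sorts before the final
# release and is judged conservatively (assumption, not from the advisory).
FIXED_2X = (2, 1, 3, 1)            # fixed in 2.1.3
FIRST_3X = (3, 0, 0, 0)            # 3.0.0, pre-releases included (assumption)
FIXED_3X_CORRECTED = (3, 0, 2, 1)  # CVE-2024-23952: "before 3.0.2"
FIXED_3X_ORIGINAL = (3, 0, 1, 1)   # CVE-2023-46104 as first listed: "before 3.0.1"

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(.*)$")

def parse_version(text):
    """Turn '3.0.1', 'v2.1.0' or '3.0.2rc1' into a comparable tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, suffix = m.groups()
    return (int(major), int(minor), int(patch), 0 if suffix else 1)

def is_affected(version, fixed_3x=FIXED_3X_CORRECTED):
    """True if the version is before 2.1.3, or in 3.0.0 up to the 3.x fix."""
    v = parse_version(version)
    return v < FIXED_2X or FIRST_3X <= v < fixed_3x

def audit(inventory):
    """Return (affected hosts, affected hosts the original range missed)."""
    affected, missed = [], []
    for host, version in inventory.items():
        if is_affected(version):
            affected.append(host)
            if not is_affected(version, FIXED_3X_ORIGINAL):
                missed.append(host)
    return sorted(affected), sorted(missed)

# Constructed inventory: host name -> reported Superset version.
INVENTORY = {
    "bi-prod-01": "2.1.0",
    "bi-prod-02": "3.0.1",
    "bi-stage-01": "3.0.2",
    "bi-stage-02": "v2.1.3",
    "bi-dev-01": "3.0.0",
}

if __name__ == "__main__":
    affected, missed = audit(INVENTORY)
    print("affected:", affected)
    print("missed by the original 3.x bound:", missed)
```
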
Source: This report was generated using AI