superset icon indicating copy to clipboard operation
superset copied to clipboard

Published 20 hours ago verified publisher icon apache

Charts reinserted into dashboards they were deleted from after save(overwrite)

Open C-monC opened this issue 2 years ago • 1 comments

Hi,

Reproduction steps: Dashboard A and dashboard B had chart A in. Delete chart A from dashboard B. Modify chart A and save(overwrite) Chart A then reappears in dashboard B.

I can see there is a link to dashboard B in the columns query_context and params: ....,"conditional_formatting":[],"extra_form_data":{},"dashboards":[11,42],"force":false,"result_format":"json...... Dashboard B has id 11 and Dashboard A has id 42.

The dashboard column does not include the chart A anywhere. Searched for the id in its json columns.

A workaround is just recreating the chart and not inserting into dashboard B. This is a major security concern because there's no indication it happened. I need to manually review dashboards to look for data leakage.

C-monC avatar Sep 12 '22 08:09 C-monC

This also blocks saving if the dashboard does not exist - Response "Dashboard does not exist".

C-monC avatar Sep 12 '22 13:09 C-monC

I think this was fixed in https://github.com/apache/superset/pull/21497. Let me know if you can still reproduce!

codyml avatar Oct 06 '22 20:10 codyml

This was fixed, thanks.

C-monC avatar Apr 27 '23 13:04 C-monC