From 30a5370a3073d4e3f3811d326aae1936b5ee019b Mon Sep 17 00:00:00 2001
From: Daniel Gaspar
Date: Wed, 6 Sep 2023 15:06:03 +0100
Subject: [PATCH] docs: add CVEs for 2.1.1

---
 docs/docs/security/cves.mdx | 30 ++++++++++++++++++++++--------
 1 file changed, 22 insertions(+), 8 deletions(-)

diff --git a/docs/docs/security/cves.mdx b/docs/docs/security/cves.mdx
index 148af09c54c98..95776505372a2 100644
--- a/docs/docs/security/cves.mdx
+++ b/docs/docs/security/cves.mdx
@@ -4,20 +4,34 @@ hide_title: true
 sidebar_position: 2
 ---
 
+#### Version 2.1.1
+
+| CVE | Title | Affected |
+|:---------------|:------------------------------------------------------------------------|---------:|
+| CVE-2023-36387 | Improper API permission for low privilege users | < 2.1.1 |
+| CVE-2023-36388 | Improper API permission for low privilege users allows for SSRF | < 2.1.1 |
+| CVE-2023-27523 | Improper data permission validation on Jinja templated queries | < 2.1.1 |
+| CVE-2023-27526 | Improper Authorization check on import charts | < 2.1.1 |
+| CVE-2023-39264 | Stack traces enabled by default | < 2.1.1 |
+| CVE-2023-39265 | Possible Unauthorized Registration of SQLite Database Connections | < 2.1.1 |
+| CVE-2023-37941 | Metadata db write access can lead to remote code execution | < 2.1.1 |
+| CVE-2023-32672 | SQL parser edge case bypasses data access authorization | < 2.1.1 |
+
+
 #### Version 2.1.0
 
-| CVE | Title | Affected |
-| :------------- | :---------------------------------------------------------------------- | -----------------:|
-| CVE-2023-25504 | Possible SSRF on import datasets | <= 2.1.0 |
-| CVE-2023-27524 | Session validation vulnerability when using provided default SECRET_KEY | <= 2.1.0 |
-| CVE-2023-27525 | Incorrect default permissions for Gamma role | <= 2.1.0 |
-| CVE-2023-30776 | Database connection password leak | <= 2.1.0 |
+| CVE | Title | Affected |
+|:---------------|:------------------------------------------------------------------------|---------:|
+| CVE-2023-25504 | Possible SSRF on import datasets | < 2.1.0 |
+| CVE-2023-27524 | Session validation vulnerability when using provided default SECRET_KEY | < 2.1.0 |
+| CVE-2023-27525 | Incorrect default permissions for Gamma role | < 2.1.0 |
+| CVE-2023-30776 | Database connection password leak | < 2.1.0 |
 
 
 #### Version 2.0.1
 
-| CVE | Title | Affected |
-| :------------- | :---------------------------------------------------------- | -----------------:|
+| CVE | Title | Affected |
+|:---------------|:------------------------------------------------------------|------------------:|
 | CVE-2022-41703 | SQL injection vulnerability in adhoc clauses | < 2.0.1 or <1.5.2 |
 | CVE-2022-43717 | Cross-Site Scripting on dashboards | < 2.0.1 or <1.5.2 |
 | CVE-2022-43718 | Cross-Site Scripting vulnerability on upload forms | < 2.0.1 or <1.5.2 |