oss-sec mailing list archives

[CVE-2019-12414] Apache Incubator Superset metadata leak vulnerability


From: daniel gaspar <danielvazgaspar () gmail com>
Date: Mon, 16 Dec 2019 14:15:35 +0000

Severity: Low

Vendor:
The Apache Software Foundation

Product:
Apache Incubator Superset

Versions Affected:
Superset < 0.32

Description:
A user can view database names that he has no access to on a dropdown list
in SQLLab

Mitigation:
Superset users with versions prior to 0.32 should upgrade to 0.32 or higher
