oss-sec mailing list archives
CVE-2021-41972: Apache Superset: Credentials leak
From: Daniel Gaspar <dpgaspar () apache org>
Date: Thu, 11 Nov 2021 13:28:07 +0000
Description: Apache Superset up to and including 1.3.1 allowed for database connections password leak for authenticated users. This information could be accessed in a non-trivial way.

Mitigation: Upgrade to Apache Superset 1.3.2 or higher

Credit: Apache Superset team would like to thank Ke Zhu for reporting this issue