oss-sec mailing list archives

CVE-2023-30776: Apache Superset: Database connection password leak


From: Daniel Gaspar <dpgaspar () apache org>
Date: Mon, 24 Apr 2023 14:51:36 +0000

Description:

An authenticated user with specific data permissions could access database connections' stored passwords by requesting a specific REST API. This issue affects Apache Superset versions 1.3.0 up to 2.0.1.

References:

https://superset.apache.org
https://www.cve.org/CVERecord?id=CVE-2023-30776

