oss-sec mailing list archives
CVE-2023-30776: Apache Superset: Database connection password leak
From: Daniel Gaspar <dpgaspar () apache org>
Date: Mon, 24 Apr 2023 14:51:36 +0000
Description: An authenticated user with specific data permissions could access database connections stored passwords by requesting a specific REST API. This issue affects Apache Superset version 1.3.0 up to 2.0.1. References: https://superset.apache.org https://www.cve.org/CVERecord?id=CVE-2023-30776
Current thread:
- CVE-2023-30776: Apache Superset: Database connection password leak Daniel Gaspar (Apr 24)