oss-sec mailing list archives
[CVE-2020-1932] Apache Incubator Superset user data leak vulnerability
From: daniel gaspar <danielvazgaspar () gmail com>
Date: Mon, 27 Jan 2020 20:36:19 +0000
Severity: Medium

Vendor: The Apache Software Foundation

Product: Apache Incubator Superset

Versions Affected:
0.34.0
0.34.1
0.35.0
0.35.1

Description:
Authenticated Apache Superset users are able to retrieve other users' information, including hashed passwords, by accessing an unused and undocumented API endpoint on Apache Superset.

Mitigation:
Superset users with the mentioned affected versions should upgrade to 0.35.2 or higher.