oss-sec mailing list archives
CVE-2021-44451: Apache Superset: API sensitive information leak
From: Daniel Gaspar <dpgaspar () apache org>
Date: Tue, 01 Feb 2022 09:09:24 +0000
Description: Apache Superset up to and including 1.3.2 allowed for registered database connections password leak for authenticated users. This information could be accessed in a non-trivial way.

Mitigation: Upgrade to Apache Superset 1.4.0 or higher.

Credit: Found and reported by Cesar Santos