oss-sec mailing list archives
CVE-2023-42505: Apache Superset: Sensitive information disclosure on db connection details
From: Daniel Gaspar <dpgaspar () apache org>
Date: Tue, 28 Nov 2023 16:20:15 +0000
Affected versions: - Apache Superset before 3.0.0 Description: An authenticated user with read permissions on database connections metadata could potentially access sensitive information such as the connection's username. This issue affects Apache Superset before 3.0.0. Credit: Leonel John Erik Angel Torres (finder) References: https://superset.apache.org https://www.cve.org/CVERecord?id=CVE-2023-42505
Current thread:
- CVE-2023-42505: Apache Superset: Sensitive information disclosure on db connection details Daniel Gaspar (Nov 28)