oss-sec mailing list archives

CVE-2023-42505: Apache Superset: Sensitive information disclosure on db connection details


From: Daniel Gaspar <dpgaspar () apache org>
Date: Tue, 28 Nov 2023 16:20:15 +0000

Affected versions:

- Apache Superset before 3.0.0

Description:

An authenticated user with read permissions on database connections metadata could potentially access sensitive information such as the connection's username.

This issue affects Apache Superset before 3.0.0.

Credit:

 Leonel John Erik Angel Torres (finder)

References:

https://superset.apache.org
https://www.cve.org/CVERecord?id=CVE-2023-42505

