Описание
Apache Superset vulnerable to Exposure of Sensitive Information
An authenticated user with specific data permissions could access database connections stored passwords by requesting a specific REST API. This issue affects Apache Superset version 1.3.0 up to 2.0.1.
Пакеты
Наименование
apache-superset
pip
Затронутые версииВерсия исправления
>= 1.3.0, < 2.1.0
2.1.0
Связанные уязвимости
CVSS3: 4.9
nvd
почти 3 года назад
An authenticated user with specific data permissions could access database connections stored passwords by requesting a specific REST API. This issue affects Apache Superset version 1.3.0 up to 2.0.1.