Опубликовано: 02 фев. 2022
Источник: github
Github: Прошло ревью
CVSS4: 7.1
CVSS3: 6.5
Описание
Insufficiently Protected Credentials in Apache Superset
Apache Superset up to and including 1.3.2 allowed for registered database connections password leak for authenticated users. This information could be accessed in a non-trivial way. Users should upgrade to Apache Superset 1.4.0 or higher.
Пакеты
Наименование
apache-superset
pip
Затронутые версииВерсия исправления
< 1.4.0
1.4.0
Связанные уязвимости
CVSS3: 6.5
nvd
около 4 лет назад
Apache Superset up to and including 1.3.2 allowed for registered database connections password leak for authenticated users. This information could be accessed in a non-trivial way. Users should upgrade to Apache Superset 1.4.0 or higher.