Описание
An authenticated user with read permissions on database connections metadata could potentially access sensitive information such as the connection's username.
This issue affects Apache Superset before 3.0.0.
Ссылки
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.0.0 (исключая)
cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*
EPSS
Процентиль: 13%
0.00044
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-200
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 4.3
github
около 2 лет назад
Apache Superset Exposure of Sensitive Information to an Unauthorized Actor vulnerability
EPSS
Процентиль: 13%
0.00044
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-200
NVD-CWE-noinfo