CVE-2020-1932 – apache-superset
Package
Manager: pip
Name: apache-superset
Vulnerable Version: >=0.34.0 <0.35.2
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00234 (percentile 0.4617)
Details
Information disclosure in Apache Superset
An information disclosure issue was found in Apache Superset 0.34.0, 0.34.1, 0.35.0, and 0.35.1. Authenticated Apache Superset users are able to retrieve other users' information, including hashed passwords, by accessing an unused and undocumented API endpoint on Apache Superset.
Metadata
Created: 2020-02-26T19:54:57Z
Modified: 2024-09-05T21:34:03Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/02/GHSA-fxjm-wvj9-9c39/GHSA-fxjm-wvj9-9c39.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-fxjm-wvj9-9c39
Finding: F038
Auto approve: 1