CVE-2021-41972 – apache-superset
Package
Manager: pip
Name: apache-superset
Vulnerable Version: >=0 <1.3.2
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00248 (percentile: 0.47952)
Details
Apache Superset allowed for database connections password leak for authenticated users.
Apache Superset up to and including 1.3.1 allowed for database connections password leak for authenticated users. This information could be accessed in a non-trivial way.
Metadata
Created: 2022-05-24T19:20:31Z
Modified: 2024-11-18T16:26:26Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-42q4-9xf9-f67x/GHSA-42q4-9xf9-f67x.json
CWE IDs: CWE-522
Alternative ID: GHSA-42q4-9xf9-f67x
Finding: F035
Auto approve: 1