CVE-2021-44451 apache-superset

Package

Manager: pip
Name: apache-superset
Vulnerable Version: >=0 <1.4.0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.68131 (percentile: 0.98544)

Details

Insufficiently Protected Credentials in Apache Superset

Apache Superset up to and including 1.3.2 allowed the passwords of registered database connections to leak to authenticated users. This information could be accessed in a non-trivial way. Users should upgrade to Apache Superset 1.4.0 or higher.

Metadata

Created: 2022-02-02T00:01:46Z
Modified: 2024-11-18T16:26:19Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-hhm3-48h2-597v/GHSA-hhm3-48h2-597v.json
CWE IDs: ["CWE-522"]
Alternative ID: GHSA-hhm3-48h2-597v
Finding: F035
Auto approve: 1