'[oss-security] CVE-2023-42505: Apache Superset: Sensitive information disclosure on db connection de'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE-2023-42505: Apache Superset: Sensitive information disclosure on db connection de
From:       Daniel Gaspar <dpgaspar () apache ! org>
Date:       2023-11-28 16:20:15
Message-ID: 86140d54-a24f-6135-6f1c-d64a241a1006 () apache ! org
[Download RAW message or body]

Affected versions:

- Apache Superset before 3.0.0

Description:

An authenticated user with read permissions on database connections metadata could potentially \
access sensitive information such as the connection's username.

This issue affects Apache Superset before 3.0.0.

Credit:

 Leonel John Erik Angel Torres (finder)

References:

https://superset.apache.org
https://www.cve.org/CVERecord?id=CVE-2023-42505

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic