oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2021-44451: Apache Superset: API sensitive information leak

From: Daniel Gaspar <dpgaspar () apache org>
Date: Tue, 01 Feb 2022 09:09:24 +0000
Description:

Apache Superset up to and including 1.3.2 allowed for registered database connections password leak for authenticated 
users. This information could be accessed in a non-trivial way.

Mitigation:

Upgrade to Apache Superset 1.4.0 or higher.

Credit:

Found and reported by Cesar Santos
Previous By Date Next
Previous By Thread Next

Current thread: