An authenticated user with specific data permissions could access database connections stored passwords by requesting a specific REST API. This issue affects Apache Superset version 1.3.0 up to 2.0.1.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2023/04/24/3 | Mailing List Third Party Advisory |
https://lists.apache.org/thread/s9w9w10mt2sngk3solwnmq5k7md53tsz | Mailing List Vendor Advisory |
Configurations
History
02 May 2023, 20:31
Type | Values Removed | Values Added |
---|---|---|
First Time |
Apache superset
Apache |
|
CPE | cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
CWE | CWE-522 | |
References | (MISC) http://www.openwall.com/lists/oss-security/2023/04/24/3 - Mailing List, Third Party Advisory | |
References | (MISC) https://lists.apache.org/thread/s9w9w10mt2sngk3solwnmq5k7md53tsz - Mailing List, Vendor Advisory |
24 Apr 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
24 Apr 2023, 16:52
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-24 16:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-30776
Mitre link : CVE-2023-30776
CVE.ORG link : CVE-2023-30776
JSON object : View
Products Affected
apache
- superset
CWE
CWE-522
Insufficiently Protected Credentials