Total
44 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-1932 | 1 Apache | 1 Superset | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
An information disclosure issue was found in Apache Superset 0.34.0, 0.34.1, 0.35.0, and 0.35.1. Authenticated Apache Superset users are able to retrieve other users' information, including hashed passwords, by accessing an unused and undocumented API endpoint on Apache Superset. | |||||
CVE-2019-12413 | 1 Apache | 1 Superset | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
In Apache Incubator Superset before 0.31 user could query database metadata information from a database he has no access to, by using a specially crafted complex query. | |||||
CVE-2019-12414 | 1 Apache | 1 Superset | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
In Apache Incubator Superset before 0.32, a user can view database names that he has no access to on a dropdown list in SQLLab | |||||
CVE-2018-8021 | 1 Apache | 1 Superset | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation. |