CVE-2020-1932

Summary

An information disclosure issue was found in Apache Superset 0.34.0, 0.34.1, 0.35.0, and 0.35.1. Authenticated Apache Superset users are able to retrieve other users' information, including hashed passwords, by accessing an unused and undocumented API endpoint on Apache Superset.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Superset0.34.0affected
Apache Software FoundationApache Superset0.34.1affected
Apache Software FoundationApache Superset0.35.0affected
Apache Software FoundationApache Superset0.35.1affected

Weaknesses

  • Information Disclosure

ADP Enrichment

CVE Program Container

Additional References

References