CVE-2020-1932
N/A
N/A
Summary
An information disclosure issue was found in Apache Superset 0.34.0, 0.34.1, 0.35.0, and 0.35.1. Authenticated Apache Superset users are able to retrieve other users' information, including hashed passwords, by accessing an unused and undocumented API endpoint on Apache Superset.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Apache Software Foundation | Apache Superset | 0.34.0 | affected |
| Apache Software Foundation | Apache Superset | 0.34.1 | affected |
| Apache Software Foundation | Apache Superset | 0.35.0 | affected |
| Apache Software Foundation | Apache Superset | 0.35.1 | affected |
Weaknesses
- Information Disclosure
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.