CVE-2021-41972
N/A
N/A
Summary
Apache Superset up to and including 1.3.1 allowed for database connections password leak for authenticated users. This information could be accessed in a non-trivial way.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Apache Software Foundation | Apache Superset | Apache Superset <= 1.3.1 | affected |
Weaknesses
- CWE-522: CWE-522 Insufficiently Protected Credentials
Workarounds
Upgrade to Apache Superset 1.3.2 or higher
ADP Enrichment
CVE Program Container
Additional References
- https://lists.apache.org/thread/xpdl2r538o695o7r9gd9qrwqb17bdd3v
- https://seclists.org/oss-sec/2021/q4/106
References
- https://lists.apache.org/thread/xpdl2r538o695o7r9gd9qrwqb17bdd3v
- https://seclists.org/oss-sec/2021/q4/106
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.