Apache Superset allowed for database connections password leak for authenticated users

Moderate severity • GitHub Reviewed • Published May 24, 2022 to the GitHub Advisory Database • Updated Sep 12, 2024

Package

apache-superset (pip)

Affected versions

<= 1.3.1

Patched versions

1.3.2

Description

Apache Superset up to and including 1.3.1 allowed database connection passwords to be leaked to authenticated users. This information could be accessed in a non-trivial way.

References

Published by the National Vulnerability Database Nov 12, 2021
Published to the GitHub Advisory Database May 24, 2022
Reviewed Jun 21, 2022
Last updated Sep 12, 2024

Severity

Moderate

EPSS score

0.068%
(31st percentile)

Weaknesses

CVE ID

CVE-2021-41972

GHSA ID

GHSA-42q4-9xf9-f67x

Source code
