
Insufficiently Protected Credentials in Apache Superset

Moderate severity • GitHub Reviewed • Published Feb 2, 2022 to the GitHub Advisory Database • Updated Sep 12, 2024

Package

apache-superset (pip)

Affected versions

< 1.4.0

Patched versions

1.4.0

Description

Apache Superset up to and including 1.3.2 allowed the passwords of registered database connections to leak to authenticated users. This information could be accessed in a non-trivial way. Users should upgrade to Apache Superset 1.4.0 or higher.

References

Published by the National Vulnerability Database Feb 1, 2022
Published to the GitHub Advisory Database Feb 2, 2022
Reviewed Feb 3, 2022
Last updated Sep 12, 2024

Severity

Moderate

EPSS score

0.593%
(79th percentile)

Weaknesses

CVE ID

CVE-2021-44451

GHSA ID

GHSA-hhm3-48h2-597v

Source code
