CVE-2020-1932 — Sensitive Information Exposure in Software Foundation Apache Superset

CWE-200 — Sensitive Information Exposure5 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 53.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Software Foundation Apache Superset Apache Superset

Timeline

PublishedJan 28

Latest updateFeb 26

Description

An information disclosure issue was found in Apache Superset 0.34.0, 0.34.1, 0.35.0, and 0.35.1. Authenticated Apache Superset users are able to retrieve other users' information, including hashed passwords, by accessing an unused and undocumented API endpoint on Apache Superset.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5apache_software_foundation/apache_superset4 versions+3

▶NVDapache/superset4 versions+3

🔴Vulnerability Details

GHSA

Information disclosure in Apache Superset↗2020-02-26

▶

OSV

Information disclosure in Apache Superset↗2020-02-26

▶

OSV

CVE-2020-1932: An information disclosure issue was found in Apache Superset 0↗2020-01-28

▶

CVEList

CVE-2020-1932: An information disclosure issue was found in Apache Superset 0↗2020-01-28

▶