CVE-2022-45438
Published 2023-01-16
Severity: Medium, 5.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
When the feature flag DASHBOARD_CACHE (disabled by default) was explicitly enabled, the system allowed an unauthenticated user to access dashboard configuration metadata using a REST API GET endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | superset | <= 1.5.2 | — |
| apache | superset | — | — |
| apache_software_foundation | apache_superset | <= 1.5.2 | — |
| apache_software_foundation | apache_superset | >= 2.0.0 < 2.0.1 | 2.0.1 |