CVE-2023-39264

CWE-209
4 documents
4 sources
Severity
4.3 MEDIUM
EPSS
0.1%
top 73.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Sep 6

Description

By default, stack traces for errors were enabled, which resulted in the exposure of internal traces on REST API endpoints to users. This vulnerability exists in Apache Superset versions up to and including 2.1.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages: 3 packages

Vulnerability Details (3)

GHSA: Apache Superset may expose internal traces on REST API endpoints (2023-09-06)
OSV: Apache Superset may expose internal traces on REST API endpoints (2023-09-06)
CVEList: Apache Superset: Stack traces enabled by default (2023-09-06)