CVE-2023-42505

Severity
4.3 MEDIUM
EPSS
0.0%
top 90.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Nov 28

Description

An authenticated user with read permissions on database connections metadata could potentially access sensitive information such as the connection's username. This issue affects Apache Superset before 3.0.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages
3 packages

Vulnerability Details (3)
OSV
Apache Superset Exposure of Sensitive Information to an Unauthorized Actor vulnerability (2023-11-28)
GHSA
Apache Superset Exposure of Sensitive Information to an Unauthorized Actor vulnerability (2023-11-28)
CVEList
Apache Superset: Sensitive information disclosure on db connection details (2023-11-28)