Apache Superset vulnerabilities

CVE-2021-28125 [MEDIUM] CWE-601 CVE-2021-28125: Apache Superset up to and including 1.0.1 allowed for the creation of an external URL that could be Apache Superset up to and including 1.0.1 allowed for the creation of an external URL that could be malicious. By not checking user input for open redirects the URL shortener functionality would allow for a malicious user to create a short URL for a dashboard that could convince the user to click the link.

CVE-2021-27907 [MEDIUM] CWE-79 CVE-2021-27907: Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboa Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Abusing this functionality, a malicious user could inject javascript code executing unwanted action in the context of the user's browser. The javascript code will be automatically executed (Stored XSS

CVE-2020-13952 [HIGH] CVE-2020-13952: In the course of work on the open source project it was discovered that authenticated users running In the course of work on the open source project it was discovered that authenticated users running queries against Hive and Presto database engines could access information via a number of templated fields including the contents of query description metadata database, the hashed version of the authenticated users’ password, and access to connection informatio

CVE-2020-13948 [HIGH] CVE-2020-13948: While investigating a bug report on Apache Superset, it was determined that an authenticated user co While investigating a bug report on Apache Superset, it was determined that an authenticated user could craft requests via a number of templated text fields in the product that would allow arbitrary access to Python’s `os` package in the web application process in versions < 0.37.1. It was thus possible for an authenticated user to list and access files, envi

CVE-2020-1932 [MEDIUM] CVE-2020-1932: An information disclosure issue was found in Apache Superset 0.34.0, 0.34.1, 0.35.0, and 0.35.1. Aut An information disclosure issue was found in Apache Superset 0.34.0, 0.34.1, 0.35.0, and 0.35.1. Authenticated Apache Superset users are able to retrieve other users' information, including hashed passwords, by accessing an unused and undocumented API endpoint on Apache Superset.

CVE-2019-12413 [MEDIUM] CVE-2019-12413: In Apache Incubator Superset before 0.31 user could query database metadata information from a datab In Apache Incubator Superset before 0.31 user could query database metadata information from a database he has no access to, by using a specially crafted complex query.

CVE-2019-12414 [MEDIUM] CWE-200 CVE-2019-12414: In Apache Incubator Superset before 0.32, a user can view database names that he has no access to on In Apache Incubator Superset before 0.32, a user can view database names that he has no access to on a dropdown list in SQLLab

CVE-2018-8021 [CRITICAL] CWE-502 CVE-2018-8021: Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation.