CVE-2020-1932

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-1932

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-1932.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-1932

Aliases

Published

2020-01-28T01:15:12Z

Modified

2025-02-05T09:11:53.708620Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An information disclosure issue was found in Apache Superset 0.34.0, 0.34.1, 0.35.0, and 0.35.1. Authenticated Apache Superset users are able to retrieve other users' information, including hashed passwords, by accessing an unused and undocumented API endpoint on Apache Superset.

References

https://lists.apache.org/thread.html/r4e5323c3bc786005495311a6ff53ac6d990b2c7eb52941a1a13ce227%40%3Cdev.superset.apache.org%3E

Affected packages

Git / github.com/apache/superset

Affected ranges

Type: GIT
Repo: https://github.com/apache/superset
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

20e68c87402414fabb3e0fd715be487fa7ebf5cc

Last affected

270fd32a29b8d328890cc6888e751d46340ca4bd

Last affected

49d672eb34fc26ca061ee19cb7a66c68bea128cc

Last affected

62c2e15a0adf76571ba14401c60d6f8a3216aa0a