GHSA-fgpw-4w69-j256

Source

https://github.com/advisories/GHSA-fgpw-4w69-j256

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-fgpw-4w69-j256/GHSA-fgpw-4w69-j256.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-fgpw-4w69-j256

Aliases

Published

2023-11-28T18:30:23Z

Modified

2025-02-13T19:52:02.021354Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Apache Superset Exposure of Sensitive Information to an Unauthorized Actor vulnerability

Details

An authenticated user with read permissions on database connections metadata could potentially access sensitive information such as the connection's username.

This issue affects Apache Superset before 3.0.0.

Database specific

{
    "cwe_ids": [
        "CWE-200"
    ],
    "nvd_published_at": "2023-11-28T17:15:08Z",
    "severity": "MODERATE",
    "github_reviewed_at": "2023-11-28T23:29:04Z",
    "github_reviewed": true
}

References

Affected packages

PyPI / apache-superset

Package

Name: apache-superset; View open source insights on deps.dev
Purl: pkg:pypi/apache-superset

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.0

Affected versions

0.*

0.34.0

0.34.1

0.35.1

0.35.2

0.36.0

0.37.0

0.37.1

0.37.2

0.38.0

0.38.1

1.*

1.0.0

1.0.1

1.1.0

1.2.0

1.3.0

1.3.1

1.3.2

1.4.0

1.4.1

1.4.2

1.5.0

1.5.1

1.5.2

1.5.3

2.*

2.0.0

2.0.1

2.1.0

2.1.1rc1

2.1.1rc2

2.1.1rc3

2.1.1

2.1.2

2.1.3

3.*

3.0.0rc1

3.0.0rc2

3.0.0rc3

3.0.0rc4

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-fgpw-4w69-j256/GHSA-fgpw-4w69-j256.json"