An authenticated user with specific data permissions could access database connections stored passwords by requesting a specific REST API
Reporter | Title | Published | Views | Family All 9 |
---|---|---|---|---|
Cvelist | CVE-2023-30776 Apache Superset: Database connection password leak | 24 Apr 202315:29 | β | cvelist |
Veracode | Password Disclosure | 27 Apr 202304:10 | β | veracode |
NVD | CVE-2023-30776 | 24 Apr 202316:15 | β | nvd |
OSV | Apache Superset vulnerable to Exposure of Sensitive Information | 6 Jul 202319:24 | β | osv |
OSV | CVE-2023-30776 | 24 Apr 202316:15 | β | osv |
Prion | Design/Logic Flaw | 24 Apr 202316:15 | β | prion |
Vulnrichment | CVE-2023-30776 Apache Superset: Database connection password leak | 24 Apr 202315:29 | β | vulnrichment |
Github Security Blog | Apache Superset vulnerable to Exposure of Sensitive Information | 6 Jul 202319:24 | β | github |
The Hacker News | Alert: Apache Superset Vulnerabilities Expose Servers to Remote Code Execution Attacks | 7 Sep 202311:02 | β | thn |
[
{
"defaultStatus": "unaffected",
"product": "Apache Superset",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "2.0.1",
"status": "affected",
"version": "1.3.0",
"versionType": "semver"
}
]
}
]
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactΒ us for a demo andΒ discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo