History: Jan 16, 2023 - 10:12 a.m.

CVE-2022-45438 Apache Superset: Dashboard metadata information leak

2023-01-16 10:12:02
CWE-668
apache
www.cve.org
apache superset
dashboard
metadata
information leak
cve-2022-45438
rest api

EPSS

0.001

Percentile

49.3%

When explicitly enabling the feature flag DASHBOARD_CACHE (disabled by default), the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache Superset",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "2.0.1",
        "status": "affected",
        "version": "2.0.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "1.5.2",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]
