
316 matches found

OSV
added 2024/03/06 11:3 a.m., 16 views

BIT-REDASH-2021-43777

Redash is a package for data visualization and sharing. In Redash version 10.0 and prior, the implementation of Google Login via OAuth incorrectly uses the state parameter to pass the next URL to redirect the user to after login. The state parameter should be used for a Cross-Site Request Forgery...

AI score: 6.4
Exploits: 0, References: 2

OSV
added 2024/03/06 11:3 a.m., 11 views

BIT-REDASH-2021-43780

Redash is a package for data visualization and sharing. In versions 10.0 and prior, the implementation of URL-loading data sources like JSON, CSV, or Excel is vulnerable to advanced methods of Server Side Request Forgery (SSRF). These vulnerabilities are only exploitable on installations where a...

AI score: 9.1
Exploits: 0, References: 2

OSV
added 2024/03/06 10:56 a.m., 27 views

BIT-GRAFANA-2022-31130 Grafana data source and plugin proxy endpoints leaking authentication tokens to some destination plugins

Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability impacts data source and plugin proxy endpoints with...

CVSS: 7.5, AI score: 6.1, EPSS: 0.00378
Exploits: 0, References: 5

OSV
added 2024/03/06 10:55 a.m., 30 views

BIT-GRAFANA-2022-39201 Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins

Grafana is an open source observability and data visualization platform. Starting with version 5.0.0 and prior to versions 8.5.14 and 9.1.8, Grafana could leak the authentication cookie of users to plugins. The vulnerability impacts data source and plugin proxy endpoints under certain conditions...

CVSS: 7.5, AI score: 6.9, EPSS: 0.00897
Exploits: 0, References: 5

CNVD
added 2024/03/06 12:0 a.m., 11 views

Apache Superset SQL Injection Vulnerability (CNVD-2024-26534)

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker can exploit the vulnerability to...

CVSS: 4.3, AI score: 7.3, EPSS: 0.00575
Exploits: 0, References: 1

CNNVD
added 2024/02/28 12:0 a.m., 2 views

Apache Superset Security Vulnerability

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from a SQL injection vulnerability that can be exploited by an attacker to view, add, modify, or delete information in the back-end database by sending carefully crafted S...

CVSS: 6.5, AI score: 7.7, EPSS: 0.0015
Exploits: 0, References: 3

CVE
added 2024/02/01 3:40 p.m., 67 views

CVE-2024-23328

CVE-2024-23328 concerns DataEase, an open-source data visualization/analysis tool. The vulnerability resides in the DataEase datasource implementation, specifically in the Java file Mysql.java, where unsafe deserialization can be triggered through bypassable blacklist checks on MySQL JDBC paramet...

CVSS: 9.1, AI score: 9.5, EPSS: 0.00598
Exploits: 1, References: 3, Affected Software: 1

CNVD
added 2024/01/26 12:0 a.m., 20 views

Apache Superset Cross-Site Scripting Vulnerability (CNVD-2024-06442)

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. A cross-site scripting vulnerability exists in Apache Superset versions prior to 3.0.3, which stems from the application's lack of effective filtering and escaping of user-supplied data, and can ...

CVSS: 9.6, AI score: 5.8, EPSS: 0.00399
Exploits: 0, References: 1

CNVD
added 2023/12/21 12:0 a.m., 28 views

Apache Superset SQL Injection Vulnerability (CNVD-2024-0102192)

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from a SQL injection vulnerability that can be exploited by an authenticated, remote attacker to send specially crafted SQL statements to the wherein JINJA macro...

CVSS: 8.8, AI score: 8.1, EPSS: 0.00496
Exploits: 0, References: 1

CNVD
added 2023/12/21 12:0 a.m., 22 views

Apache Superset Elevation of Privilege Vulnerability

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from an elevation of privilege vulnerability that can be exploited by an attacker to gain write access to all gauges in a dashboard via the Add Gauge function of Create...

CVSS: 7.7, AI score: 7.4, EPSS: 0.0014
Exploits: 0, References: 1

OSV
added 2023/12/20 5:2 p.m., 4 views

DRUPAL-CONTRIB-2023-055

This module allows you to turn various data sources (e.g. a CSV or JSON file) into interactive visualisations. The DVF module provides a field storage, widget & formatter that can be added to any entity. This module uses two third-party JS libraries that have low to medium severity vulnerabilities. One of the...

AI score: 6.5
Exploits: 0, References: 1

CNVD
added 2023/12/18 12:0 a.m., 11 views

Arbitrary File Read Vulnerability in Damon Qizi Conference Data Visualization System (DMQZDV Experience Edition) of Wuhan Damon Database Co.

Damon Qiji big data visualization system is a one-stop tool platform for big data display. An arbitrary file read vulnerability exists in the Damon Qizi Big Data Visualization System DMQZDV Experience Edition of Wuhan Damon Database Co...

AI score: 7.1
Exploits: 0

CNVD
added 2023/11/30 12:0 a.m., 42 views

Apache Superset Input Validation Error Vulnerability (CNVD-2023-9666130)

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. An input validation error vulnerability exists in Apache Superset versions prior to 3.0.0. The vulnerability stems from the presence of improper input validation, which can be exploited by an...

CVSS: 5.4, AI score: 5.1, EPSS: 0.00099
Exploits: 0, References: 1

CNVD
added 2023/11/30 12:0 a.m., 28 views

Apache Superset Cross-Site Scripting Vulnerability (CNVD-2023-9665948)

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. A cross-site scripting vulnerability exists in Apache Superset versions prior to 2.1.2, which stems from the presence of incorrect payload validation and incorrect REST API response type issues. ...

CVSS: 5.4, AI score: 6, EPSS: 0.00237
Exploits: 0, References: 1

CNVD
added 2023/11/30 12:0 a.m., 8 views

Apache Superset Information Disclosure Vulnerability (CNVD-2024-0681549)

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. An information disclosure vulnerability exists in Apache Superset versions prior to 2.1.2, which can be exploited by an authenticated attacker to read configured CSS templates and comments...

CVSS: 4.3, AI score: 5.9, EPSS: 0.00101
Exploits: 0, References: 1

CNVD
added 2023/11/30 12:0 a.m., 20 views

Apache Superset Information Disclosure Vulnerability (CNVD-2023-9666229)

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. An information disclosure vulnerability exists in Apache Superset versions prior to 3.0.0, which stems from the application's inadequate protection of sensitive information and can be exploited b...

CVSS: 4.3, AI score: 6, EPSS: 0.00042
Exploits: 0, References: 1

CNVD
added 2023/11/20 12:0 a.m., 40 views

File Upload Vulnerability in Yonghong BI of Beijing Yonghong Business Intelligence Technology Co.

Beijing Yonghong Business Intelligence Technology Co., Ltd. is committed to providing global enterprises with big data technology products and services, relying on independent intellectual property rights of the one-stop big data platform to form a perfect product and service system, with...

AI score: 7.4
Exploits: 0

Imperva Blog
added 2023/10/11 3:20 p.m., 19 views

Why Cool Dashboards Don’t Equal Effective Security Analytics

Mark Twain once said, “Data is like garbage. You’d better know what you are going to do with it before you collect it.” This statement rings true in today’s cybersecurity landscape. Security professionals are inundated with a flood of data, and often, they don’t know how to make sense of it. To add...

AI score: 6.9
Exploits: 0

BDU FSTEC
added 2023/09/19 12:0 a.m., 1 views

The vulnerability of the Apache Superset data visualization software lies in authentication errors, which allow an attacker to gain read access to the database.

The vulnerability of the Apache Superset data visualization software is related to authentication errors. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain read access to the database...

CVSS: 4.3, EPSS: 0.00072
Exploits: 0, References: 3, Affected Software: 1

CNVD
added 2023/09/11 12:0 a.m., 16 views

Apache Superset Information Disclosure Vulnerability (CNVD-2023-70276)

Apache Superset is an open source data visualization tool based on Python. A security vulnerability in the Apache Superset stack trace error handling can be exploited by a remote attacker to submit a special request that can obtain sensitive information...

CVSS: 4.3, AI score: 6.7, EPSS: 0.0014
Exploits: 0, References: 1