6 matches found
Improper Authorization
Apache DolphinScheduler is vulnerable to Improper Authorization. The vulnerability is due to a missing authorization check in the DataSource API, where requests are not properly validated before returning data source metadata, allowing unauthorized users to disclose sensitive data source...
CVE-2026-32966
The CVE affects Apache DolphinScheduler prior to 3.4.2. A missing authorization check in the DataSource API allows exposure of arbitrary data source metadata to unauthenticated users, enabling potential disclosure of sensitive information. The issue’s root cause is insufficient access control on ...
CVE-2026-46427
Budibase is an open-source low-code platform. Prior to 3.38.3, removeSecrets at packages/server/src/sdk/workspace/datasources/datasources.ts masks only datasource config fields whose schema type is DatasourceFieldType.PASSWORD. The Snowflake integration types its privateKey field as...
CVE-2026-46427
Budibase is an open-source low-code platform. Prior to 3.38.3, removeSecrets at packages/server/src/sdk/workspace/datasources/datasources.ts masks only datasource config fields whose schema type is DatasourceFieldType.PASSWORD. The Snowflake integration types its privateKey field as...
CVE-2026-46427
Budibase prior to 3.38.3 exposes Snowflake private keys via the datasource API. The removeSecrets filter masks only datasource config fields with schema type DatasourceFieldType.PASSWORD; Snowflake integration marks privateKey as SENSITIVE_LONGFORM, which is not filtered, allowing a BASIC-authent...
EUVD-2026-11647
Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a user-controllable string, attackers can inject...