CVE-2023-4400
Skyhigh Secure Web Gateway (SWG) is affected: versions 11.x prior to 11.2.14, 10.x prior to 10.2.25, and 12.x prior to 12.2.1 contain a password-management issue where authentication information stored in configuration files can be extracted via the SWG REST API because passwords are stored in pl...
CVE-2023-4400
A password management vulnerability in Skyhigh Secure Web Gateway SWG in main releases 11.x prior to 11.2.14, 10.x prior to 10.2.25 and controlled release 12.x prior to 12.2.1, allows some authentication information stored in configuration files to be extracted through SWG REST API. This was...
Apache Superset REST API Authorization Issues Vulnerability
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset version 2.1.0 and prior versions suffer from an authorization issue vulnerability that stems from incorrect REST API permissions. An attacker can exploit this vulnerability to cau...
Alert: Apache Superset Vulnerabilities Expose Servers to Remote Code Execution Attacks
Patches have been released to address two new security vulnerabilities in Apache Superset that could be exploited by an attacker to gain remote code execution on affected systems. The update version 2.1.1 plugs CVE-2023-39265 and CVE-2023-37941, which make it possible to conduct nefarious actions...
GHSA-CPVX-2365-466C Apache Superset may expose internal traces on REST API endpoints
By default, stack traces for errors were enabled, which resulted in the exposure of internal traces on REST API endpoints to users. This vulnerability exists in Apache Superset versions up to and including 2.1.0...
GHSA-9832-MGG4-3GR6 Apache Superset has improper default REST API permission for Gamma users
An improper default REST API permission for Gamma users in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test database connections...
GHSA-4FG9-5W46-XMRJ Apache Superset Server Side Request Forgery vulnerability
Improper REST API permission in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test network connections, possible SSRF...
Apache Superset has improper default REST API permission for Gamma users
An improper default REST API permission for Gamma users in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test database connections...
Apache Superset may expose internal traces on REST API endpoints
By default, stack traces for errors were enabled, which resulted in the exposure of internal traces on REST API endpoints to users. This vulnerability exists in Apache Superset versions up to and including 2.1.0...
Apache Superset Server Side Request Forgery vulnerability
Improper REST API permission in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test network connections, possible SSRF...
CVE-2023-36388
Improper REST API permission in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test network connections, possible SSRF...
CVE-2023-36387
An improper default REST API permission for Gamma users in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test database connections...
CVE-2023-39264
By default, stack traces for errors were enabled, which resulted in the exposure of internal traces on REST API endpoints to users. This vulnerability exists in Apache Superset versions up to and including 2.1.0...
Server-side request forgery (SSRF)
Improper REST API permission in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test network connections, possible SSRF...
CVE-2023-39264
CVE-2023-39264 affects Apache Superset up to version 2.1.0. The root cause is that error handling defaulted to emitting stack traces, which exposes internal traces via REST API endpoints. The vulnerability enables potential disclosure of internal information and is categorized with network exposu...
CVE-2023-39264 Apache Superset: Stack traces enabled by default
By default, stack traces for errors were enabled, which resulted in the exposure of internal traces on REST API endpoints to users. This vulnerability exists in Apache Superset versions up to and including 2.1.0...
CVE-2023-36388 Apache Superset: Improper API permission for low privilege users allows for SSRF
Improper REST API permission in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test network connections, possible SSRF...