2 matches found
CVE-2025-55673
When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. This field contains the underlying query, which improperly discloses database schema information, such as table names, to the low-privileged guest user. Thi...
CVE-2025-55673
creationtimestamp| type| source ---|---|--- 2025-08-14 10:41:44+00:00| seen| https://seclists.org/oss-sec/2025/q3/105 2025-08-14 13:10:39+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3lwefzyvra22p...