Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
ApacheSuperset*

3 matches found

CVE
CVEadded 2020/01/28 1:15 a.m.122 views

CVE-2020-1932

An information disclosure issue was found in Apache Superset 0.34.0, 0.34.1, 0.35.0, and 0.35.1. Authenticated Apache Superset users are able to retrieve other users' information, including hashed passwords, by accessing an unused and undocumented API endpoint on Apache Superset.

6.5CVSS6.1AI score0.00234EPSS
CVE
CVEadded 2020/09/30 9:15 p.m.75 views

CVE-2020-13952

In the course of work on the open source project it was discovered that authenticated users running queries against Hive and Presto database engines could access information via a number of templated fields including the contents of query description metadata database, the hashed version of the aut...

8.1CVSS7.7AI score0.00125EPSS
CVE
CVEadded 2020/09/17 1:15 p.m.59 views

CVE-2020-13948

While investigating a bug report on Apache Superset, it was determined that an authenticated user could craft requests via a number of templated text fields in the product that would allow arbitrary access to Python’s os package in the web application process in versions

8.8CVSS8.6AI score0.00619EPSS