Lucene search

ApacheVULNRICHMENT:CVE-2023-39264

HistorySep 06, 2023 - 12:58 p.m.

CVE-2023-39264 Apache Superset: Stack traces enabled by default

2023-09-0612:58:59

CWE-209

apache

github.com

apache

superset

default

stack traces

exposure

rest api

vulnerability

cve-2023-39264

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

6.8

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

By default, stack traces for errors were enabled, which resulted in the exposure of internal traces on REST API endpoints to users. This vulnerability exists in Apache Superset versions up to and including 2.1.0.

References

lists.apache.org/thread/y65t1of7hb445n86o1vdzjct7rfwlx75

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

6.8

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2023-39264