You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@superset.apache.org by Daniel Gaspar <dp...@apache.org> on 2022/02/01 09:09:24 UTC

CVE-2021-44451: Apache Superset: API sensitive information leak

Description:

Apache Superset up to and including 1.3.2 allowed for registered database connections password leak for authenticated users. This information could be accessed in a non-trivial way.

Mitigation:

Upgrade to Apache Superset 1.4.0 or higher.

Credit:

Found and reported by Cesar Santos