You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@superset.apache.org by Daniel Gaspar <dp...@apache.org> on 2022/02/01 09:09:24 UTC
CVE-2021-44451: Apache Superset: API sensitive information leak
Description:
Apache Superset up to and including 1.3.2 allowed for registered database connections password leak for authenticated users. This information could be accessed in a non-trivial way.
Mitigation:
Upgrade to Apache Superset 1.4.0 or higher.
Credit:
Found and reported by Cesar Santos