CVE-2023-42505

An authenticated user with read permissions on database connections metadata could potentially access sensitive information such as the connection's username.

This issue affects Apache Superset before 3.0.0.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
apacheCNA
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 7%
VendorProductVersion
apachesuperset
𝑥
< 3.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2023/11/28/5
https://lists.apache.org/thread/bd0fhtfzrtgo1q8x35tpm8ms144d1t2y
http://www.openwall.com/lists/oss-security/2023/11/28/5
https://lists.apache.org/thread/bd0fhtfzrtgo1q8x35tpm8ms144d1t2y