GHSA-fxjm-wvj9-9c39
Suggest an improvement- Source
- https://github.com/advisories/GHSA-fxjm-wvj9-9c39
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/02/GHSA-fxjm-wvj9-9c39/GHSA-fxjm-wvj9-9c39.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-fxjm-wvj9-9c39
- Aliases
- Published
- 2020-02-26T19:54:57Z
- Modified
- 2025-02-05T09:12:01.670694Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- Information disclosure in Apache Superset
- Details
-
An information disclosure issue was found in Apache Superset 0.34.0, 0.34.1, 0.35.0, and 0.35.1. Authenticated Apache Superset users are able to retrieve other users' information, including hashed passwords, by accessing an unused and undocumented API endpoint on Apache Superset.
- Database specific
{ "nvd_published_at": "2020-01-28T01:15:00Z", "cwe_ids": [ "CWE-200" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2020-02-25T15:51:07Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2020-1932
- https://github.com/apache/superset
- https://github.com/pypa/advisory-database/tree/main/vulns/apache-superset/PYSEC-2020-224.yaml
- https://lists.apache.org/thread.html/r4e5323c3bc786005495311a6ff53ac6d990b2c7eb52941a1a13ce227%40%3Cdev.superset.apache.org%3E
Affected packages
PyPI / apache-superset
Package
- Name
- apache-superset
- View open source insights on deps.dev
- Purl
- pkg:pypi/apache-superset