CVE-2022-45438

CVE-2022-45438: Apache Superset: Dashboard metadata information leak

Vendor Apache Software Foundation

Product Apache Superset

Weakness CWE-668

Published January 16, 2023

Last update April 7, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

When explicitly enabling the feature flag DASHBOARD_CACHE (disabled by default), the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

Key dates

Disclosure timeline

January 16, 2023 CVE published

April 7, 2025 Record updated

Identifiers

CVE CVE-2022-45438

CWE CWE-668

Affected versions

Vendor Apache Software Foundation

Product Apache Superset

Affected ≥ 2.0.0 and < 2.0.1

Vendor Apache Software Foundation

Product Apache Superset

Affected ≤ 1.5.2