CVE-2023-39264 MEDIUM

CVE-2023-39264: Apache Superset: Stack traces enabled by default

Vendor Apache Software Foundation

Product Apache Superset

Weakness CWE-209 · Error message info leak

Published September 6, 2023

Last update September 26, 2024

View on NVD All CVEs

CVSS base score

4.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

Description

By default, stack traces for errors were enabled, which resulted in the exposure of internal traces on REST API endpoints to users. This vulnerability exists in Apache Superset versions up to and including 2.1.0.

Key dates

Disclosure timeline

September 6, 2023 CVE published

September 26, 2024 Record updated