CVE-2023-42505 MEDIUM

CVE-2023-42505: Apache Superset: Sensitive information disclosure on db connection details

Vendor Apache Software Foundation

Product Apache Superset

Weakness CWE-200 · Info exposure

Published November 28, 2023

Last update February 13, 2025

View on NVD All CVEs

CVSS base score

4.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

Description

An authenticated user with read permissions on database connections metadata could potentially access sensitive information such as the connection's username. This issue affects Apache Superset before 3.0.0.

Key dates

Disclosure timeline

November 28, 2023 CVE published

February 13, 2025 Record updated