CVE-2020-1932
MEDIUM
Apache Superset 0.34.0-0.35.1 - Authenticated Information Disclosure via Undocumented API Endpoint
Title source: llm
Description
An information disclosure issue was found in Apache Superset 0.34.0, 0.34.1, 0.35.0, and 0.35.1. Authenticated Apache Superset users are able to retrieve other users' information, including hashed passwords, by accessing an unused and undocumented API endpoint on Apache Superset.
References (1)
Core References
Mailing List, Vendor Advisory x_refsource_misc
https://lists.apache.org/thread.html/r4e5323c3bc786005495311a6ff53ac6d990b2c7eb52941a1a13ce227%40%3Cdev.superset.apache.org%3E
Scores
CVSS v3
6.5
EPSS
0.0022
EPSS Percentile
44.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
Status
published
Products (5)
apache/superset
0.34.0
apache/superset
0.34.1
apache/superset
0.35.0
apache/superset
0.35.1
pypi/apache-superset
0.34.0 - 0.35.2 (PyPI)
Published
Jan 28, 2020
Tracked Since
Feb 18, 2026