CVE-2023-42505
MEDIUM
Apache Superset < 3.0.0 - Authenticated Exposure of Sensitive Database Connection Information
Title source: llm
Description
An authenticated user with read permissions on database connections metadata could potentially access sensitive information such as the connection's username. This issue affects Apache Superset before 3.0.0.
References (2)
Core References
Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/11/28/5
Mailing List, Third Party Advisory vendor-advisory
https://lists.apache.org/thread/bd0fhtfzrtgo1q8x35tpm8ms144d1t2y
Scores
CVSS v3
4.3
EPSS
0.0004
EPSS Percentile
13.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (2)
apache/superset
< 3.0.0
pypi/apache-superset
0 - 3.0.0
PyPI
Published
Nov 28, 2023
Tracked Since
Feb 18, 2026