Date: Mon, 24 Apr 2023 14:51:36 +0000 From: Daniel Gaspar <dpgaspar@...che.org> To: oss-security@...ts.openwall.com Subject: CVE-2023-30776: Apache Superset: Database connection password leak Description: An authenticated user with specific data permissions could access database connections stored passwords by requesting a specific REST API. This issue affects Apache Superset version 1.3.0 up to 2.0.1. References: https://superset.apache.org https://www.cve.org/CVERecord?id=CVE-2023-30776
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.