VYPR
Moderate severityNVD Advisory· Published Apr 24, 2023· Updated Oct 21, 2024

Apache Superset: Database connection password leak

CVE-2023-30776

Description

An authenticated user with specific data permissions could access database connections stored passwords by requesting a specific REST API. This issue affects Apache Superset version 1.3.0 up to 2.0.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
apache-supersetPyPI
>= 1.3.0, < 2.1.02.1.0

Affected products

3

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.