CVE-2020-1932
MEDIUM 6.5 | EPSS 0.22%
Information disclosure in Apache Superset
Published: 2020/2/26 | Modified: 2025/4/3
Description
An information disclosure issue was found in Apache Superset 0.34.0, 0.34.1, 0.35.0, and 0.35.1. Authenticated Apache Superset users are able to retrieve other users' information, including hashed passwords, by accessing an unused and undocumented API endpoint on Apache Superset.
Affected packages (3)
- Bitnami/superset: >= 0.34.0, < 0.34.1, >= 0.34.1, < 0.34.2, >= 0.35.0, < 0.35.1, >= 0.35.1, < 0.35.2
- PyPI/apache-superset: >= 0.34.0, < 0.35.2
- PyPI/apache-superset: from 0, < 0.35.2
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
References (5)
- ADVISORY: https://github.com/advisories/GHSA-fxjm-wvj9-9c39
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2020-1932
- PATCH: https://github.com/apache/superset
- WEB: https://github.com/pypa/advisory-database/tree/main/vulns/apache-superset/PYSEC-2020-224.yaml
- WEB: https://lists.apache.org/thread.html/r4e5323c3bc786005495311a6ff53ac6d990b2c7eb52941a1a13ce227%40%3Cdev.superset.apache.org%3E