PT-2021-23460 · Apache · Apache Superset

Ke Zhu

Published

2021-11-12

Updated

2025-02-05

CVE-2021-41972

CVSS v4.0

7.1

High

Vector

AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Apache Superset versions up to and including 1.3.1

Description The issue allows for a database connections password leak for authenticated users. This information could be accessed in a non-trivial way.

Recommendations For Apache Superset versions up to and including 1.3.1, update to a version later than 1.3.1 to prevent database connections password leaks.

Fix

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522

Related Identifiers

BIT-SUPERSET-2021-41972

CVE-2021-41972

GHSA-42Q4-9XF9-F67X

PYSEC-2021-434

Affected Products

Apache Superset

PT-2021-23460 · Apache · Apache Superset

CVE-2021-41972

Weakness Enumeration

Related Identifiers

Affected Products

References · 13