PT-2023-26855 · Apache · Apache Superset
Miguel Segovia Gil
·
Published
2023-09-06
·
Updated
2025-02-05
·
CVE-2023-39264
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Apache Superset versions up to and including 2.1.0
Description
The issue is related to stack traces for errors being enabled by default, resulting in the exposure of internal traces on REST API endpoints to users. This could potentially reveal sensitive information about the system's internal workings.
Recommendations
For Apache Superset versions up to and including 2.1.0, consider disabling the default stack trace feature to prevent the exposure of internal traces on REST API endpoints. As a temporary workaround, restrict access to the REST API endpoints until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Generation of Error Message Containing Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apache Superset