Description
An authenticated user with read permissions on database connections metadata could potentially access sensitive information such as the connection's username.
This issue affects Apache Superset before 3.0.0.
This issue affects Apache Superset before 3.0.0.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2023-2958 | An authenticated user with read permissions on database connections metadata could potentially access sensitive information such as the connection's username. This issue affects Apache Superset before 3.0.0. |
Github GHSA |
GHSA-fgpw-4w69-j256 | Apache Superset Exposure of Sensitive Information to an Unauthorized Actor vulnerability |
References
History
Sat, 12 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
epss
|
epss
|
Thu, 13 Feb 2025 17:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An authenticated user with read permissions on database connections metadata could potentially access sensitive information such as the connection's username. This issue affects Apache Superset before 3.0.0. | An authenticated user with read permissions on database connections metadata could potentially access sensitive information such as the connection's username. This issue affects Apache Superset before 3.0.0. |
Status: PUBLISHED
Assigner: apache
Published:
Updated: 2025-02-13T17:09:25.693Z
Reserved: 2023-09-11T12:34:12.410Z
Link: CVE-2023-42505
No data.
Status : Modified
Published: 2023-11-28T17:15:08.093
Modified: 2026-06-17T06:23:58.463
Link: CVE-2023-42505
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
- NVD-CWE-noinfo
EUVD
Github GHSA