CVE-2023-42505
Apache Superset Exposure of Sensitive Information to an Unauthorized Actor vulnerability
CVSS 3.1: 4.3 (MEDIUM)
EPSS: 0.04%
Description
An authenticated user with read permissions on database connections metadata could potentially access sensitive information such as the connection's username. This issue affects Apache Superset before 3.0.0.
How to fix CVE-2023-42505
To remediate CVE-2023-42505, upgrade the affected package to a fixed version below.
- —upgrade to 3.0.0 or later
- —upgrade to 3.0.0 or later
Is CVE-2023-42505 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 3.0.0
- from 0, < 3.0.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |