CVE-2023-39264

EPSS 0.12%
Veröffentlicht 06.09.2023 13:15:08
Zuletzt bearbeitet 21.11.2024 08:15:00
Quelle security@apache.org
CVE-Watchlists
Login
Unerledigt
Login

Apache Superset: Stack traces enabled by default

By default, stack traces for errors were enabled, which resulted in the exposure of internal traces on REST API endpoints to users. This vulnerability exists in Apache Superset versions up to and including 2.1.0.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Superset Version <= 2.1.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.309

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
security@apache.org	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-209 Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

https://lists.apache.org/thread/y65t1of7hb445n86o1vdzjct7rfwlx75

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2023-39264

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-39264

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-39264

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-39264