CVE-2023-39264

EPSS 0.1%
Published 06.09.2023 13:15:08
Last modified 21.11.2024 08:15:00
Source security@apache.org
Teams watchlist Login
Open Login

By default, stack traces for errors were enabled, which resulted in the exposure of internal traces on REST API endpoints to users. This vulnerability exists in Apache Superset versions up to and including 2.1.0.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Superset Version <= 2.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.1%	0.279

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
security@apache.org	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-209 Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

https://lists.apache.org/thread/y65t1of7hb445n86o1vdzjct7rfwlx75

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2023-39264

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-39264

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-39264

EUVD