CVE-2023-42505

EPSS 0.04%
Published 28.11.2023 17:15:08
Last modified 13.02.2025 17:17:08
Source security@apache.org
Teams watchlist Login
Open Login

An authenticated user with read permissions on database connections metadata could potentially access sensitive information such as the connection's username.

This issue affects Apache Superset before 3.0.0.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Superset Version < 3.0.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.131

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
security@apache.org	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.openwall.com/lists/oss-security/2023/11/28/5

Third Party Advisory

Mailing List

https://lists.apache.org/thread/bd0fhtfzrtgo1q8x35tpm8ms144d1t2y

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2023-42505

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-42505

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-42505

EUVD