CVE-2023-42505

Severity CVSS v4.0:
Pending analysis
Type:
CWE-200 Information Leak / Disclosure
Publication date:
28/11/2023
Last modified:
13/02/2025

Description

An authenticated user with read permissions on database connections metadata could potentially access sensitive information such as the connection's username. This issue affects Apache Superset before 3.0.0.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:* 3.0.0 (excluding)