When explicitly enabling the feature flag DASHBOARD_CACHE (disabled by default), the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
References
Link | Resource |
---|---|
https://lists.apache.org/thread/snxbkf2x9kww7s0wkmydct9nhqqn9rv9 | Mailing List Vendor Advisory |
https://lists.apache.org/thread/snxbkf2x9kww7s0wkmydct9nhqqn9rv9 | Mailing List Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:29
Type | Values Removed | Values Added |
---|---|---|
References | () https://lists.apache.org/thread/snxbkf2x9kww7s0wkmydct9nhqqn9rv9 - Mailing List, Vendor Advisory |
07 Nov 2023, 03:54
Type | Values Removed | Values Added |
---|---|---|
Summary | When explicitly enabling the feature flag DASHBOARD_CACHE (disabled by default), the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0. |
Information
Published : 2023-01-16 11:15
Updated : 2024-11-21 07:29
NVD link : CVE-2022-45438
Mitre link : CVE-2022-45438
CVE.ORG link : CVE-2022-45438
JSON object : View
Products Affected
apache
- superset
CWE
CWE-668
Exposure of Resource to Wrong Sphere