CVE-2022-45438

When explicitly enabling the feature flag DASHBOARD_CACHE (disabled by default), the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:superset:2.0.0:-:*:*:*:*:*:*
cpe:2.3:a:apache:superset:2.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:superset:2.0.0:rc2:*:*:*:*:*:*

History

21 Nov 2024, 07:29

Type Values Removed Values Added
References () https://lists.apache.org/thread/snxbkf2x9kww7s0wkmydct9nhqqn9rv9 - Mailing List, Vendor Advisory () https://lists.apache.org/thread/snxbkf2x9kww7s0wkmydct9nhqqn9rv9 - Mailing List, Vendor Advisory

07 Nov 2023, 03:54

Type Values Removed Values Added
Summary When explicitly enabling the feature flag DASHBOARD_CACHE (disabled by default), the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0. When explicitly enabling the feature flag DASHBOARD_CACHE (disabled by default), the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

Information

Published : 2023-01-16 11:15

Updated : 2024-11-21 07:29


NVD link : CVE-2022-45438

Mitre link : CVE-2022-45438

CVE.ORG link : CVE-2022-45438


JSON object : View

Products Affected

apache

  • superset
CWE
CWE-668

Exposure of Resource to Wrong Sphere