CVE-2023-42505

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Nov 28, 2023

Updated: Dec 4, 2023

CWE ID 200

Summary

CVE-2023-42505 is a vulnerability affecting Apache Superset versions prior to 3.0.0. An authenticated user with read permissions on database connections metadata can gain unauthorized access to sensitive information, including the connection's username. This issue poses a potential security risk as unauthorized access to database connection details can lead to further exploitation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Apache Superset

Affected Vendors

Apache Software Foundation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sp4wmm
https://www.cve.org/CVERecord?id=CVE-2023-42505
https://nvd.nist.gov/vuln/detail/CVE-2023-42505

Back to Vulnerability Database