Apache: >> Superset >> 2.1.3 Security Vulnerabilities
An authenticated user with read permissions on database connections metadata could potentially access sensitive information such as the connection's username.
This issue affects Apache Superset before 3.0.0.
CVSS Score
4.3
EPSS Score
0.0
Published
2023-11-28
An authenticated attacker with update datasets permission could change a dataset link to an untrusted site by spoofing the HTTP Host header, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset versions before 3.0.0.
CVSS Score
4.8
EPSS Score
0.001
Published
2023-11-28
Page 3