Apache: >> Superset >> 1.4.1 Security Vulnerabilities
When explicitly enabling the feature flag DASHBOARD_CACHE (disabled by default), the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
CVSS Score
5.3
EPSS Score
0.032
Published
2023-01-16
Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on. This metadata included the dataset name, columns and metrics.
CVSS Score
4.3
EPSS Score
0.002
Published
2022-07-06
Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests. Users should update to 1.4.2 or higher which addresses this issue.
CVSS Score
9.8
EPSS Score
0.043
Published
2022-04-13
Page 6