Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache superset vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2020-1932
An information disclosure issue was found in Apache Superset 0.34.0, 0.34.1, 0.35.0, and 0.35.1. Authenticated Apache Superset users are able to retrieve other users' information, including hashed passwords, by accessing an unused and undocumented API endpoint on Apache Supe...
Apache Superset 0.34.0
Apache Superset 0.34.1
Apache Superset 0.35.0
Apache Superset 0.35.1
5.3
CVSSv3
CVE-2022-45438
When explicitly enabling the feature flag DASHBOARD_CACHE (disabled by default), the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and versio...
Apache Superset
Apache Superset 2.0.0
8.8
CVSSv3
CVE-2022-43719
Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
Apache Superset
Apache Superset 2.0.0
5.4
CVSSv3
CVE-2022-43717
Dashboard rendering does not sufficiently sanitize the content of markdown components leading to possible XSS attack vectors that can be performed by authenticated users with create dashboard permissions. This issue affects Apache Superset version 1.5.2 and prior versions and ver...
Apache Superset
Apache Superset 2.0.0
5.4
CVSSv3
CVE-2022-43718
Upload data forms do not correctly render user input leading to possible XSS attack vectors that can be performed by authenticated users with database connection update permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
Apache Superset
Apache Superset 2.0.0
5.4
CVSSv3
CVE-2022-43720
An authenticated attacker with write CSS template permissions can create a record with specific HTML tags that will not get properly escaped by the toast message displayed when a user deletes that specific CSS template record. This issue affects Apache Superset version 1.5.2 and ...
Apache Superset
Apache Superset 2.0.0
5.4
CVSSv3
CVE-2022-43721
An authenticated attacker with update datasets permission could change a dataset link to an untrusted site, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
Apache Superset
Apache Superset 2.0.0
5.4
CVSSv3
CVE-2022-41703
A vulnerability in the SQL Alchemy connector of Apache Superset allows an authenticated user with read access to a specific database to add subqueries to the WHERE and HAVING fields referencing tables on the same database that the user should not have access to, despite the user ...
Apache Superset
Apache Superset 2.0.0
5.3
CVSSv3
CVE-2019-12414
In Apache Incubator Superset prior to 0.32, a user can view database names that he has no access to on a dropdown list in SQLLab
Apache Superset
4.3
CVSSv3
CVE-2021-37839
Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on. This metadata included the dataset name, columns and metrics.
Apache Superset
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code execution
CVE-2024-34909
CVE-2024-3317
SSTI
CVE-2024-3400
CVE-2024-30051
wireless
CVE-2024-4622
CVE-2024-4908
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »