Apache Superset up to and including 1.3.1 allowed for database connections password leak for authenticated users. This information could be accessed in a non-trivial way.
Description:
Apache Superset up to and including 131 allowed for database connections password leak for authenticated users This
information could be accessed in a non-trivial way
Mitigation:
Upgrade to Apache Superset 132 or higher
Credit:
Apache Superset team would like to thank Ke Zhu for reporting this issue ...