Improper Access Control in Apache Superset
CVE-2019-12413

5.3 MEDIUM

Key Information:

Vendor: Apache
CVE Published: 16 December 2019

Summary

Apache Superset prior to version 0.31 does not properly restrict access control. By crafting complex queries, unauthorized users could query database metadata from databases they should not have access to. This could lead to the exposure of sensitive information and potential manipulation of data, which underlines the importance of applying proper access restrictions to safeguard database integrity.

Affected Version(s)

Apache Incubator Superset 0.0.0 to 0.29.0

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
