CVE-2022-45438

Improper Access Control in pypi/apache-superset

Identifiers

CVE-2022-45438, GHSA-8f5j-mgx9-5hm5

Package Slug

pypi/apache-superset

Vulnerability

Improper Access Control

Description

When explicitly enabling the feature flag DASHBOARD_CACHE (disabled by default), the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

Affected Versions

All versions up to 1.5.2, version 2.0.0

Solution

Upgrade to versions 1.5.3, 2.0.1 or above.

Last Modified

2023-01-23

source