CVE-2022-45438

Exposure of Resource to Wrong Sphere in pypi/superset

Identifiers

CVE-2022-45438

Package Slug

pypi/superset

Vulnerability

Exposure of Resource to Wrong Sphere

Description

When explicitly enabling the feature flag DASHBOARD_CACHE (disabled by default), the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

Affected Versions

All versions up to 1.5.2, version 2.0.0

Solution

Unfortunately, there is no solution available yet.

Last Modified

2023-01-25

source