CVE-2023-42505: Exposure of Sensitive Information to an Unauthorized Actor

November 28, 2023 (updated December 4, 2023)

An authenticated user with read permissions on database connections metadata could potentially access sensitive information such as the connection’s username.

This issue affects Apache Superset before 3.0.0.

References

www.openwall.com/lists/oss-security/2023/11/28/5
github.com/advisories/GHSA-fgpw-4w69-j256
lists.apache.org/thread/bd0fhtfzrtgo1q8x35tpm8ms144d1t2y
nvd.nist.gov/vuln/detail/CVE-2023-42505

Detect and mitigate CVE-2023-42505 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →