CVE-2021-41972: Insufficiently Protected Credentials

November 12, 2021 (updated August 9, 2022)

Apache Superset allows for database connections to leak passwords for authenticated users. This information could be accessed in a non-trivial way.

References

lists.apache.org/thread/xpdl2r538o695o7r9gd9qrwqb17bdd3v
nvd.nist.gov/vuln/detail/CVE-2021-41972
seclists.org/oss-sec/2021/q4/106

Code Behaviors & Features

Detect and mitigate CVE-2021-41972 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →