CVE-2021-44451: Insufficiently Protected Credentials

February 1, 2022 (updated February 5, 2022)

Apache Superset up to and including allowed for registered database connections password leak for authenticated users. This information could be accessed in a non-trivial way. Users should upgrade to Apache Superset or higher.

References

lists.apache.org/thread/xww1pccs2ckb5506wrf1v4lmxg198vkb
nvd.nist.gov/vuln/detail/CVE-2021-44451

Detect and mitigate CVE-2021-44451 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →