Apache Superset: Error verbosity exposes metadata in analytics databases · CVE-2024-53948 · GitHub Advisory Database · GitHub

Apache Superset: Error verbosity exposes metadata in analytics databases

Moderate severity GitHub Reviewed Published Dec 9, 2024 to the GitHub Advisory Database • Updated Feb 11, 2025

Package

apache-superset (pip)

Affected versions

< 4.1.0

Patched versions

4.1.0

Description

Generation of Error Message Containing analytics metadata Information in Apache Superset.

This issue affects Apache Superset: before 4.1.0.

Users are recommended to upgrade to version 4.1.0, which fixes the issue.

References

Published by the National Vulnerability Database

Dec 9, 2024

Published to the GitHub Advisory Database Dec 9, 2024

Reviewed Dec 9, 2024

Last updated Feb 11, 2025

Severity

Moderate

/ 10

CVSS v4 base metrics

Exploitability Metrics

Attack Vector Network

Attack Complexity Low

Attack Requirements None

Privileges Required Low

User interaction None

Vulnerable System Impact Metrics

Confidentiality None

Integrity None

Availability None

Subsequent System Impact Metrics

Confidentiality Low

Integrity None

Availability None

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N