CVE-2022-45438

When explicitly enabling the feature flag DASHBOARD_CACHE (disabled by default), the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
References
Link Resource
https://lists.apache.org/thread/snxbkf2x9kww7s0wkmydct9nhqqn9rv9 Mailing List Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:superset:2.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:superset:2.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:superset:2.0.0:-:*:*:*:*:*:*

Information

Published : 2023-01-16 11:15

Updated : 2023-01-30 03:12


NVD link : CVE-2022-45438

Mitre link : CVE-2022-45438

Products Affected
No products.
CWE