
CVE-2022-27479 – SQL injection vulnerability in chart data API
https://notcve.org/view.php?id=CVE-2022-27479
13 Apr 2022 — Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests. Users should update to 1.4.2 or higher which addresses this issue. • http://www.openwall.com/lists/oss-security/2022/04/13/3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2021-44451 – API sensitive information leak
https://notcve.org/view.php?id=CVE-2021-44451
01 Feb 2022 — Apache Superset up to and including 1.3.2 allowed for registered database connections password leak for authenticated users. This information could be accessed in a non-trivial way. Users should upgrade to Apache Superset 1.4.0 or higher. • https://lists.apache.org/thread/xww1pccs2ckb5506wrf1v4lmxg198vkb • CWE-522: Insufficiently Protected Credentials •

CVE-2021-42250 – Possible log injection
https://notcve.org/view.php?id=CVE-2021-42250
17 Nov 2021 — Improper output neutralization for Logs. A specific Apache Superset HTTP endpoint allowed for an authenticated user to forge log entries or inject malicious content into logs. • http://www.openwall.com/lists/oss-security/2021/11/17/2 • CWE-116: Improper Encoding or Escaping of Output CWE-117: Improper Output Neutralization for Logs •

CVE-2021-41972 – Credentials leak
https://notcve.org/view.php?id=CVE-2021-41972
12 Nov 2021 — Apache Superset up to and including 1.3.1 allowed for database connections password leak for authenticated users. This information could be accessed in a non-trivial way. • https://lists.apache.org/thread/xpdl2r538o695o7r9gd9qrwqb17bdd3v • CWE-522: Insufficiently Protected Credentials •

CVE-2021-41971 – Possible SQL Injection when template processing is enabled
https://notcve.org/view.php?id=CVE-2021-41971
18 Oct 2021 — Apache Superset up to and including 1.3.0 when configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default) allowed SQL injection when a malicious authenticated user sends an http request with a custom URL. • https://lists.apache.org/thread.html/rf7292731268c6c6e2196ae1583e32ac7189385364268f8d9215e8e6d%40%3Cdev.superset.apache.org%3E • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2021-32609 – XSS vulnerability on Explore page
https://notcve.org/view.php?id=CVE-2021-32609
18 Oct 2021 — Apache Superset up to and including 1.1 does not sanitize titles correctly on the Explore page. This allows an attacker with Explore access to save a chart with a malicious title, injecting html (including scripts) into the page. • https://lists.apache.org/thread.html/r2c09254e98b4f8b3deb422762bd0e2aa6d743b72d96c2f90cbaae31a%40%3Cdev.superset.apache.org%3E • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2021-28125 – Apache Superset Open Redirect
https://notcve.org/view.php?id=CVE-2021-28125
27 Apr 2021 — Apache Superset up to and including 1.0.1 allowed for the creation of an external URL that could be malicious. By not checking user input for open redirects the URL shortener functionality would allow for a malicious user to create a short URL for a dashboard that could convince the user to click the link. • http://www.openwall.com/lists/oss-security/2021/04/27/2 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVE-2021-27907 – Apache Superset stored XSS on Dashboard markdown
https://notcve.org/view.php?id=CVE-2021-27907
05 Mar 2021 — Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Abusing this functionality, a malicious user could inject javascript code executing unwanted action in the context of the user's browser. The javascript code will be automatically executed (Stored XSS) when a legitimate user surfs on the dashboard page. The vulnerability is exploitable creating a “div” section and embedding in it a “svg” element with javascr... • https://lists.apache.org/thread.html/r09293fb09f1d617f0d2180c42210e739e2211f8da9bc5c1873bea67a%40%3Cdev.superset.apache.org%3E • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2020-13952
https://notcve.org/view.php?id=CVE-2020-13952
30 Sep 2020 — In the course of work on the open source project it was discovered that authenticated users running queries against Hive and Presto database engines could access information via a number of templated fields including the contents of query description metadata database, the hashed version of the authenticated users’ password, and access to connection information including the plaintext password for the current connection. It would also be possible to run arbitrary methods on the database connection object fo... • https://lists.apache.org/thread.html/rf1faa368f580d2cb691576bee1277855f769667f3114d5df1dacbea6%40%3Cdev.superset.apache.org%3E •

CVE-2020-13948
https://notcve.org/view.php?id=CVE-2020-13948
17 Sep 2020 — While investigating a bug report on Apache Superset, it was determined that an authenticated user could craft requests via a number of templated text fields in the product that would allow arbitrary access to Python’s `os` package in the web application process in versions < 0.37.1. It was thus possible for an authenticated user to list and access files, environment variables, and process information. Additionally it was possible to set environment variables for the current process, create and update files ... • https://lists.apache.org/thread.html/r0e35c7c5672a6146b962840be5c1a7b7461c05a71cd7ecc62774d155%40%3Cnotifications.superset.apache.org%3E •