An authenticated user with privileges to create Alerts on Alerts & Reports has the capability to generate a specially crafted SQL statement that triggers an error on the database. This error is not properly handled by Apache Superset and may inadvertently surface in the error log of the Alert exposing possibly sensitive data. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.
History

Fri, 22 Nov 2024 12:00:00 +0000

Type Values Removed Values Added
References

Thu, 03 Oct 2024 13:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
References

Thu, 03 Oct 2024 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 03 Oct 2024 13:00:00 +0000

Type Values Removed Values Added
Description An authenticated user with privileges to create Alerts on Alerts & Reports has the capability to generate a specially crafted SQL statement that triggers an error on the database. This error is not properly handled by Apache Superset and may inadvertently surface in the error log of the Alert exposing possibly sensitive data. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue. An authenticated user with privileges to create Alerts on Alerts & Reports has the capability to generate a specially crafted SQL statement that triggers an error on the database. This error is not properly handled by Apache Superset and may inadvertently surface in the error log of the Alert exposing possibly sensitive data. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.
Weaknesses CWE-209

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2024-02-28T10:06:48.685Z

Updated: 2024-10-03T12:30:59.889Z

Reserved: 2024-02-23T09:15:21.202Z

Link: CVE-2024-27315

cve-icon Vulnrichment

Updated: 2024-08-02T00:28:00.428Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-02-28T10:15:09.650

Modified: 2024-11-21T09:04:18.873

Link: CVE-2024-27315

cve-icon Redhat

No data.