An authenticated user with privileges to create Alerts in Alerts & Reports can craft a SQL statement that triggers an error on the database. Apache Superset does not handle this error properly, so it may surface in the Alert's error log, exposing possibly sensitive data.
This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.
Users are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.
History
Fri, 22 Nov 2024 12:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References | |
Thu, 03 Oct 2024 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-200 | |
References | |
Thu, 03 Oct 2024 13:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc |
Thu, 03 Oct 2024 13:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An authenticated user with privileges to create Alerts on Alerts & Reports has the capability to generate a specially crafted SQL statement that triggers an error on the database. This error is not properly handled by Apache Superset and may inadvertently surface in the error log of the Alert exposing possibly sensitive data. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue. | An authenticated user with privileges to create Alerts on Alerts & Reports has the capability to generate a specially crafted SQL statement that triggers an error on the database. This error is not properly handled by Apache Superset and may inadvertently surface in the error log of the Alert exposing possibly sensitive data. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue. |
Weaknesses | CWE-209 |
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2024-02-28T10:06:48.685Z
Updated: 2024-10-03T12:30:59.889Z
Reserved: 2024-02-23T09:15:21.202Z
Link: CVE-2024-27315
Vulnrichment
Updated: 2024-08-02T00:28:00.428Z
NVD
Status: Awaiting Analysis
Published: 2024-02-28T10:15:09.650
Modified: 2024-11-21T09:04:18.873
Link: CVE-2024-27315