Main Vulnerability Database Vulnerabilities #VU47224

Information disclosure in Apache Superset - CVE-2020-13952

Published: September 30, 2020

Vulnerability identifier: #VU47224

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-13952

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Apache Superset

Software vendor:
Apache Foundation

Description

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application due to improper input validation within the Hive and Presto database engines. A remote user send a specially crafted request to the application and reveal database structure.

Remediation

Install updates from vendor's website.

External links

https://seclists.org/oss-sec/2020/q3/203

Information disclosure in Apache Superset - CVE-2020-13952

Description

Remediation

External links

Please verify you're human