
=====================================================================

                              CERT-Renater

                  Information Note No. 2021/VULN602
_____________________________________________________________________

DATE                : 12/11/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache Superset versions prior to
                     1.3.2.

=====================================================================
http://mail-archives.apache.org/mod_mbox/www-announce/202111.mbox/%3c26045d06-d982-ad3c-c276-641356ce7bfe@apache.org%3e
_____________________________________________________________________

CVE-2021-4197 Apache Superset: Credentials leak


Description:

Apache Superset up to and including 1.3.1 allowed database connection
passwords to leak to authenticated users. This information could be
accessed in a non-trivial way.


Mitigation:

Upgrade to Apache Superset 1.3.2 or higher.


Credit:

The Apache Superset team would like to thank Ke Zhu for reporting this issue.


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================

