
=====================================================================

                             CERT-Renater

                   Information Note No. 2021/VULN055
_____________________________________________________________________

DATE                : 01/02/2022

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S) : Systems running Apache Superset versions prior to
                      1.4.0.

=====================================================================
https://lists.apache.org/thread/xww1pccs2ckb5506wrf1v4lmxg198vkb
_____________________________________________________________________


CVE-2021-44451: Apache Superset: API sensitive information leak


Description:

Apache Superset up to and including 1.3.2 allowed the passwords of
registered database connections to leak to authenticated users. This
information could be accessed in a non-trivial way.


Mitigation:

Upgrade to Apache Superset 1.4.0 or higher.


Credit:

Found and reported by Cesar Santos

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================



