How severe is CVE-2022-45438?

CVE-2022-45438 has a CVSS v3 score of 5.3 (MEDIUM).

CVE-2022-45438

Name: superset
Author: apache

5.3MEDIUM

When explicitly enabling the feature flag DASHBOARD_CACHE (disabled by default), the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint

Published: 1/16/2023Updated: 4/7/2025

Description

When explicitly enabling the feature flag DASHBOARD_CACHE (disabled by default), the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

AI AnalysisPowered by AI

Affected Products

apachesuperset

2.0.0

apachesuperset

2.0.0

apachesuperset

2.0.0

References

https://lists.apache.org/thread/snxbkf2x9kww7s0wkmydct9nhqqn9rv9
Mailing ListVendor Advisory
https://lists.apache.org/thread/snxbkf2x9kww7s0wkmydct9nhqqn9rv9
Mailing ListVendor Advisory