How severe is CVE-2022-45438?

CVE-2022-45438 has a CVSS v3 score of 5.3 (MEDIUM).

CVE-2022-45438

Name: superset
Author: apache

5.3MEDIUM

When explicitly enabling the feature flag DASHBOARD_CACHE (disabled by default), the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint

Publicado: 1/16/2023Actualizado: 4/7/2025

Descripción

When explicitly enabling the feature flag DASHBOARD_CACHE (disabled by default), the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

Análisis IAImpulsado por IA

Productos Afectados

apachesuperset

2.0.0

apachesuperset

2.0.0

apachesuperset

2.0.0

Referencias

https://lists.apache.org/thread/snxbkf2x9kww7s0wkmydct9nhqqn9rv9
Mailing ListVendor Advisory
https://lists.apache.org/thread/snxbkf2x9kww7s0wkmydct9nhqqn9rv9
Mailing ListVendor Advisory