QwikSec

Security Database

CVE

CWE

Training

CVE-2022-45438

Published: Jan 16, 2023

Modified: Apr 7, 2025

PUBLISHED

Description

When explicitly enabling the feature flag DASHBOARD_CACHE (disabled by default), the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

Vendor	Product	Versions
Apache Software Foundation	Apache Superset	affected `2.0.0 - < 2.0.1` affected `0 - <= 1.5.2`

Weaknesses (CWE)

References

https://lists.apache.org/thread/snxbkf2x9kww7s0wkmydct9nhqqn9rv9

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.