CVE-2023-39264 — MEDIUM (4.3)

Q: How severe is CVE-2023-39264?

CVE-2023-39264 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-39264?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Superset.

Vulnerability Description

By default, stack traces for errors were enabled, which resulted in the exposure of internal traces on REST API endpoints to users. This vulnerability exists in Apache Superset versions up to and including 2.1.0.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Apache	Superset	<= 2.1.0

Related Weaknesses (CWE)

CWE-209

References

https://lists.apache.org/thread/y65t1of7hb445n86o1vdzjct7rfwlx75Mailing List
https://lists.apache.org/thread/y65t1of7hb445n86o1vdzjct7rfwlx75Mailing List

FAQ

What is CVE-2023-39264?

CVE-2023-39264 is a vulnerability with a CVSS score of 4.3 (MEDIUM). By default, stack traces for errors were enabled, which resulted in the exposure of internal traces on REST API endpoints to users. This vulnerability exists in Apache Superset versions up to and incl...

How severe is CVE-2023-39264?

CVE-2023-39264 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-39264?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Superset.