CVE-2020-1932: Information Exposure

January 28, 2020 (updated July 21, 2021)

Authenticated Apache Superset users are able to retrieve other users’ information, including hashed passwords, by accessing an unused and undocumented API endpoint on Apache Superset.

References

nvd.nist.gov/vuln/detail/CVE-2020-1932

Code Behaviors & Features

Detect and mitigate CVE-2020-1932 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →