Severity: Medium Vendor: The Apache Software Foundation
Product: Apache Incubator Superset Versions Affected: 0.34.0 0.34.1 0.35.0 0.35.1 Description: Authenticated Apache Superset users are able to retrieve to retrieve other users' information, including hashed passwords, by accessing an unused and undocumented API endpoint on Apache Superset. Mitigation: Superset users with the mentioned affected versions should upgrade to 0.35.2 or higher Please reply to: d...@superset.apache.org <https://lists.apache.org/list.html?d...@superset.apache.org>
