{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-13T21:42:39.955","vulnerabilities":[{"cve":{"id":"CVE-2020-1932","sourceIdentifier":"security@apache.org","published":"2020-01-28T01:15:12.473","lastModified":"2024-11-21T05:11:38.277","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An information disclosure issue was found in Apache Superset 0.34.0, 0.34.1, 0.35.0, and 0.35.1. Authenticated Apache Superset users are able to retrieve other users' information, including hashed passwords, by accessing an unused and undocumented API endpoint on Apache Superset."},{"lang":"es","value":"Se detectó un problema de divulgación de información en Apache Superset versiones 0.34.0, 0.34.1, 0.35.0 y 0.35.1. Los usuarios de Apache Superset autenticados son capaces de recuperar la información de otros usuarios, incluidas las contraseñas del hash, accediendo a un endpoint de la API no utilizado y no documentado en Apache Superset."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:superset:0.34.0:-:*:*:*:*:*:*","matchCriteriaId":"5A7A676A-FACE-475D-AC77-38196CB6EA31"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:superset:0.34.1:*:*:*:*:*:*:*","matchCriteriaId":"38701DD5-DE10-4955-A150-F64C2892C0B6"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:superset:0.35.0:*:*:*:*:*:*:*","matchCriteriaId":"5D46A12E-7033-495F-8CD5-825F7602419F"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:superset:0.35.1:*:*:*:*:*:*:*","matchCriteriaId":"7BBE1954-2561-4679-85F3-04D7C0A9A584"}]}]}],"references":[{"url":"https://lists.apache.org/thread.html/r4e5323c3bc786005495311a6ff53ac6d990b2c7eb52941a1a13ce227%40%3Cdev.superset.apache.org%3E","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"https://lists.apache.org/thread.html/r4e5323c3bc786005495311a6ff53ac6d990b2c7eb52941a1a13ce227%40%3Cdev.superset.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Vendor Advisory"]}]}}]}