{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-03T03:50:10.306","vulnerabilities":[{"cve":{"id":"CVE-2021-44451","sourceIdentifier":"security@apache.org","published":"2022-02-01T14:15:09.483","lastModified":"2024-11-21T06:31:00.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Apache Superset up to and including 1.3.2 allowed for registered database connections password leak for authenticated users. This information could be accessed in a non-trivial way. Users should upgrade to Apache Superset 1.4.0 or higher."},{"lang":"es","value":"Apache Superset versiones hasta 1.3.2 incluyéndola, permitía un filtrado de contraseñas de conexiones de bases de datos registradas para usuarios autenticados. Esta información podía ser accedida de forma no trivial. Los usuarios deben actualizar a Apache Superset versión 1.4.0 o superior"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-522"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-522"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*","versionEndIncluding":"1.3.2","matchCriteriaId":"792D0A92-21FB-45E5-B010-BD57DB437827"}]}]}],"references":[{"url":"https://lists.apache.org/thread/xww1pccs2ckb5506wrf1v4lmxg198vkb","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"https://lists.apache.org/thread/xww1pccs2ckb5506wrf1v4lmxg198vkb","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Vendor Advisory"]}]}}]}