What is CVE-2021-44451?

CVE-2021-44451 is a vulnerability in Apache Software Foundation Superset, classified under Insufficiently Protected Credentials. Published 2022-02-01.

Is CVE-2021-44451 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apache Software Foundation Superset

CVE-2021-44451

Apache Superset up to and including 1.3.2 allowed for registered database connections password leak for authenticated users. This information could be accessed in a non-trivial way. Users should upgrade to Apache Superset 1.4.0 or higher.

EPSS: 0.834 (99.3th percentile) — read the EPSS interpretation.

Affected products

Apache Software Foundation Superset — versions Apache Superset

Weakness classification (CWE)

CWE-522 — Insufficiently Protected Credentials

Public proof-of-concept exploits

References

lists.apache.org/thread/xww1pccs2ckb5506wrf1v4lmxg198vkb (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-44451?: CVE-2021-44451 is a vulnerability in Apache Software Foundation Superset, classified under Insufficiently Protected Credentials. Published 2022-02-01.
Is CVE-2021-44451 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.