GHSA-8f5j-mgx9-5hm5
GitHub Security Advisory
Apache Superset has Improper Access Control
✓ GitHub Reviewed
MODERATE
Has CVE
Advisory Details
When the feature flag `DASHBOARD_CACHE` (disabled by default) was explicitly enabled, the system allowed an unauthenticated user to access dashboard configuration metadata using a REST API GET endpoint. This issue affects Apache Superset version 1.5.2 and prior versions, and version 2.0.0.
Affected Packages
PyPI
apache-superset
Affected versions: 0 (last affected: 1.5.2)
PyPI
apache-superset
Related CVEs
Key Information
5.0/10
Dataset
Last updated: July 27, 2025 6:35 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.