8.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-13952

GHSA ID

GHSA-77pw-c3j2-5fc8

EPSS Score

0.32304%

CWE

CWE-200

Published

4/30/2021

Updated

9/4/2024

KEV Status

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-13952

CVE-2020-13952: Plaintext password leak in Apache Superset

In the course of work on the open source project it was discovered that authenticated users running queries against Hive and Presto database engines could access information via a number of templated fields including the contents of query description metadata database, the hashed version of the authenticated users’ password, and access to connection information including the plaintext password for the current connection. It would also be possible to run arbitrary methods on the database connection object for the Presto or Hive connection, allowing the user to bypass security controls internal to Superset. This vulnerability is present in every Apache Superset version < 0.37.2.

(GitHub Advisory)

8.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-13952

GHSA ID

GHSA-77pw-c3j2-5fc8

EPSS Score

0.32304%

CWE

CWE-200

Published

4/30/2021

Updated

9/4/2024

KEV Status

Technology

Python

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
apache-superset	pip	< 0.37.2	0.37.2

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper template processing in Hive/Presto engines. Engine-specific template processors exposed: 1) The current database connection object with plaintext credentials 2) User password hashes 3) Metadata database contents. These functions likely provided a Jinja context with dangerous variables/objects, allowing authenticated users to access sensitive data through SQL template injection (e.g., {{ current_connection.password }}). The high confidence comes from the vulnerability's specific mention of template field exploitation and connection object method execution, which would require these engine-specific template processors to be the attack surface.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

In t** *ours* o* work on t** op*n sour** proj**t it w*s *is*ov*r** t**t *ut**nti**t** us*rs runnin* qu*ri*s ***inst *iv* *n* Pr*sto **t***s* *n*in*s *oul* ****ss in*orm*tion vi* * num**r o* t*mpl*t** *i*l*s in*lu*in* t** *ont*nts o* qu*ry **s*ription

Reasoning

T** vuln*r**ility st*ms *rom improp*r t*mpl*t* pro**ssin* in *iv*/Pr*sto *n*in*s. *n*in*-sp**i*i* t*mpl*t* pro**ssors *xpos**: *) T** *urr*nt **t***s* *onn**tion o*j**t wit* pl*int*xt *r***nti*ls *) Us*r p*sswor* **s**s *) M*t***t* **t***s* *ont*nts.

8.1

Basic Information

Concerned about an active attack path?

CVE-2020-13952: Plaintext password leak in Apache Superset

8.1

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI