{"api_version":"1","generated_at":"2026-04-11T16:48:14+00:00","cve":"CVE-2023-39264","urls":{"html":"https://cve.report/CVE-2023-39264","api":"https://cve.report/api/cve/CVE-2023-39264.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-39264","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-39264"},"summary":{"title":"CVE-2023-39264","description":"By default, stack traces for errors were enabled, which resulted in the exposure of internal traces on REST API endpoints to users. This vulnerability exists in Apache Superset versions up to and including 2.1.0.","state":"PUBLIC","assigner":"security@apache.org","published_at":"2023-09-06 13:15:00","updated_at":"2023-09-11 14:28:00"},"problem_types":["CWE-209"],"metrics":[],"references":[{"url":"https://lists.apache.org/thread/y65t1of7hb445n86o1vdzjct7rfwlx75","name":"https://lists.apache.org/thread/y65t1of7hb445n86o1vdzjct7rfwlx75","refsource":"MISC","tags":[],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-39264","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-39264","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"39264","vulnerable":"1","versionEndIncluding":"2.1.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apache","cpe5":"superset","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-39264","qid":"995303","title":"Python (Pip) Security Update for apache-superset (GHSA-cpvx-2365-466c)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-39264","ASSIGNER":"security@apache.org","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"By default, stack traces for errors were enabled, which resulted in the exposure of internal traces on REST API endpoints to users. This vulnerability exists in Apache Superset versions up to and including 2.1.0."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-209 Generation of Error Message Containing Sensitive Information","cweId":"CWE-209"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Apache Software Foundation","product":{"product_data":[{"product_name":"Apache Superset","version":{"version_data":[{"version_affected":"<=","version_name":"0","version_value":"2.1.0"}]}}]}}]}},"references":{"reference_data":[{"url":"https://lists.apache.org/thread/y65t1of7hb445n86o1vdzjct7rfwlx75","refsource":"MISC","name":"https://lists.apache.org/thread/y65t1of7hb445n86o1vdzjct7rfwlx75"}]},"generator":{"engine":"Vulnogram 0.1.0-dev"},"source":{"discovery":"UNKNOWN"},"credits":[{"lang":"en","value":"Miguel Segovia Gil"}],"impact":{"cvss":[{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","version":"3.1"}]}},"nvd":{"publishedDate":"2023-09-06 13:15:00","lastModifiedDate":"2023-09-11 14:28:00","problem_types":["CWE-209"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":1.4}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*","versionEndIncluding":"2.1.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}