{"id":"CVE-2019-12414","details":"In Apache Incubator Superset before 0.32, a user can view database names that he has no access to on a dropdown list in SQLLab","aliases":["GHSA-9c29-9h4m-wg5p","PYSEC-2019-173"],"modified":"2026-03-14T01:31:07.037257Z","published":"2019-12-16T22:15:11.197Z","references":[{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/396034aabe08dd349ff44eb062c718aadcf1b4e86f6372c7d5e988c0%40%3Cdev.superset.apache.org%3E"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-12414.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"0.32"}]},{"events":[{"introduced":"0"},{"fixed":"0.32"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}