CVE-2021-37839

Improper access to dataset metadata information

EPSS 1.1%CWE-273

Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on. This metadata included the dataset name, columns and metrics.

Affected products

Apache Software Foundation · Apache Superset

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://lists.apache.org/thread/pwqyxxmn5gh7cnw3qsp66v0lt4xojt82