oss-sec mailing list archives
CVE-2021-37839: Apache Superset: Improper access to dataset metadata information
From: Daniel Gaspar <dpgaspar () apache org>
Date: Wed, 06 Jul 2022 12:13:10 +0000
Description: Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on. This metadata included the dataset name, columns and metrics. Mitigation: Upgrade to 1.5.1 or higher Credit: Apache Superset would like to thank Dinesh for reporting this issue
Current thread:
- CVE-2021-37839: Apache Superset: Improper access to dataset metadata information Daniel Gaspar (Jul 06)