CVE-2021-37839

Improper access to dataset metadata information

EPSS 1.1%CWE-273

Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on. This metadata included the dataset name, columns and metrics.

Produtos afetados

Apache Software Foundation · Apache Superset

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://lists.apache.org/thread/pwqyxxmn5gh7cnw3qsp66v0lt4xojt82