Vulnerability in Apache Software Foundation Superset

CVE-2021-37839

Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on. This metadata included the dataset name, columns and metrics.

EPSS: 0.003 (57.4th percentile) — read the EPSS interpretation.

Affected products

Apache Software Foundation Superset — versions Apache Superset

Weakness classification (CWE)

CWE-273 — Improper Check for Dropped Privileges

References

lists.apache.org/thread/pwqyxxmn5gh7cnw3qsp66v0lt4xojt82 (x_refsource_MISC)