CVE-2021-37839
published 2022-07-06CVE-2021-37839: Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on. This metadata…
medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on. This metadata included the dataset name, columns and metrics.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | superset | <= 1.5.1 | — |
| apache_software_foundation | apache_superset | >= Apache Superset < 1.5.1 | 1.5.1 |