CVE-2021-37839

CWE-2734 documents4 sources
Severity: 4.3 MEDIUM
EPSS: 0.2% (top 53.45%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 6; Latest update Jul 7

Description

Apache Superset up to 1.5.1 allowed authenticated users to access metadata information related to datasets they have no permission on. This metadata included the dataset name, columns and metrics.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (3 packages)

PyPI: apache-superset < 1.5.1
CVEListV5: apache_software_foundation/apache_superset (Apache Superset) 1.5.1
NVD: apache/superset 1.5.1

Vulnerability Details (3)

GHSA: Apache Superset allows authenticated users to access metadata they have no permission to (2022-07-07)
OSV: Apache Superset allows authenticated users to access metadata they have no permission to (2022-07-07)
CVEList: Improper access to dataset metadata information (2022-07-06)
CVE-2021-37839 (MEDIUM CVSS 4.3) | Apache Superset up to 1.5.1 allowed | cvebase.io