Apache Superset 1.5.1 - Unauthorized Access to Dataset Metadata

Apache Superset 1.5.1 - Unauthorized Access to Dataset Metadata

CVE-2021-37839 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on. This metadata included the dataset name, columns and metrics.

Learn more about our User Device Pen Test.