Apache Superset 1.5.1 - Unauthorized Access to Dataset Metadata
CVE-2021-37839 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on. This metadata included the dataset name, columns and metrics.
Learn more about our User Device Pen Test.