CVE-2021-37839

Summary

Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on. This metadata included the dataset name, columns and metrics.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache SupersetApache Superset < 1.5.1affected

Weaknesses

  • CWE-273: CWE-273 Improper Check for Dropped Privileges

Workarounds

Upgrade to 1.5.1 or higher

ADP Enrichment

CVE Program Container

Additional References

References