CVE-2021-37839

Published: Jul 6, 2022Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on. This metadata included the dataset name, columns and metrics.

Affected (1)

Products: Apache: Superset

Apache

1 product

Superset

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apache Superset	Up to 1.5.1

Related CWEs

CWE-273

Improper Check for Dropped Privileges

The product attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.

References (2)

https://lists.apache.org/thread/pwqyxxmn5gh7cnw3qsp66v0lt4xojt82

Source: security@apache.org

Mailing ListThird Party Advisory

https://lists.apache.org/thread/pwqyxxmn5gh7cnw3qsp66v0lt4xojt82

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

Timeline

No history available yet.