[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE-2021-37839: Apache Superset: Improper access to dataset metadata information
From: Daniel Gaspar <dpgaspar () apache ! org>
Date: 2022-07-06 12:13:10
Message-ID: f99b360a-192e-5c4e-1832-ee26121ae0bf () apache ! org
[Download RAW message or body]
Description:
Apache Superset up to 1.5.1 allowed for authenticated users to access =
metadata information related to datasets they have no permission on. This =
metadata included the dataset name, columns and metrics.
Mitigation:
Upgrade to 1.5.1 or higher
Credit:
Apache Superset would like to thank Dinesh for reporting this issue
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic