BIT-superset-2021-37839

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/superset/BIT-superset-2021-37839.json
JSON Data
https://api.test.osv.dev/v1/vulns/BIT-superset-2021-37839
Aliases
Published
2025-02-05T07:29:47.009Z
Modified
2025-05-20T10:02:07.006Z
Summary
Improper access to dataset metadata information
Details

Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on. This metadata included the dataset name, columns and metrics.

Database specific
{
    "cpes": [
        "cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}
References

Affected packages

Bitnami / superset

Package

Name
superset
Purl
pkg:bitnami/superset

Severity

  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.5.2