CVE-2021-37839

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-37839

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-37839.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-37839

Aliases

GHSA-748r-5r8q-273m

Published

2022-07-06T13:15:09Z

Modified

2024-10-11T09:41:29Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on. This metadata included the dataset name, columns and metrics.

References

https://lists.apache.org/thread/pwqyxxmn5gh7cnw3qsp66v0lt4xojt82

Affected packages

Git / github.com/apache/superset

Affected ranges

Type: GIT
Repo: https://github.com/apache/superset
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

48f3eb427300faf5aa0a5ba22b20997324df3d2d