You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@superset.apache.org by Daniel Gaspar <dp...@apache.org> on 2022/07/06 12:13:10 UTC
CVE-2021-37839: Apache Superset: Improper access to dataset metadata information
Description:
Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on. This metadata included the dataset name, columns and metrics.
Mitigation:
Upgrade to 1.5.1 or higher
Credit:
Apache Superset would like to thank Dinesh for reporting this issue
RE: CVE-2021-37839: Apache Superset: Improper access to dataset metadata information
Posted by Gemma Moreno <ge...@omfair.com>.
Hi,
Just checking, are you interested acquiring the list of attendees? Please respond my email. I'm waiting for your response.
Thank you.
-----Original Message-----
From: Daniel Gaspar <dp...@apache.org>
Sent: Wednesday, July 6, 2022 5:43 PM
To: announce@apache.org; dev@superset.apache.org
Subject: CVE-2021-37839: Apache Superset: Improper access to dataset metadata information
Description:
Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on. This metadata included the dataset name, columns and metrics.
Mitigation:
Upgrade to 1.5.1 or higher
Credit:
Apache Superset would like to thank Dinesh for reporting this issue