You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@superset.apache.org by Daniel Gaspar <dp...@apache.org> on 2022/07/06 12:13:10 UTC

CVE-2021-37839: Apache Superset: Improper access to dataset metadata information

Description:

Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on. This metadata included the dataset name, columns and metrics.

Mitigation:

Upgrade to 1.5.1 or higher

Credit:

Apache Superset would like to thank Dinesh for reporting this issue

RE: CVE-2021-37839: Apache Superset: Improper access to dataset metadata information

Posted by Gemma Moreno <ge...@omfair.com>.

Hi,
Just checking, are you interested acquiring the list of attendees? Please respond my email. I'm waiting for your response.
Thank you.






-----Original Message-----
From: Daniel Gaspar <dp...@apache.org> 
Sent: Wednesday, July 6, 2022 5:43 PM
To: announce@apache.org; dev@superset.apache.org
Subject: CVE-2021-37839: Apache Superset: Improper access to dataset metadata information 

Description:

Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on. This metadata included the dataset name, columns and metrics.

Mitigation:

Upgrade to 1.5.1 or higher

Credit:

Apache Superset would like to thank Dinesh for reporting this issue