CVE-2021-37839

CVE-2021-37839: Improper access to dataset metadata information

Vendor Apache Software Foundation
Product Apache Superset
Weakness CWE-273
Published July 6, 2022
Last update August 4, 2024

CVSS base score

What the vulnerability does

01Description

Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on. This metadata included the dataset name, columns and metrics.

Key dates

02Disclosure timeline

July 6, 2022 CVE published
August 4, 2024 Record updated