Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-37839

Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on. This metadata included the dataset name, columns and metrics.

Published

2022-07-06T13:15:09.170

Last Modified

2024-11-21T06:15:56.870

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

8.0

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-273
Type: Primary
CWE-273

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	superset	≤ 1.5.1	Yes

References

https://lists.apache.org/thread/pwqyxxmn5gh7cnw3qsp66v0lt4xojt82 Mailing List, Third Party Advisory ([email protected])
https://lists.apache.org/thread/pwqyxxmn5gh7cnw3qsp66v0lt4xojt82 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)