CVE-2021-37839 is a vulnerability in Apache Superset
Published on July 6, 2022

Improper access to dataset metadata information
Apache Superset up to 1.5.1 allowed authenticated users to access metadata for datasets they have no permission on. This metadata included the dataset name, columns and metrics.

NVD

Weakness Type

Improper Check for Dropped Privileges

The software attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded. If the drop fails, the software will continue to run with the raised privileges, which might provide additional access to unprivileged users.


Products Associated with CVE-2021-37839


Affected Versions

Apache Software Foundation Apache Superset:

Exploit Probability

EPSS: 0.24%
Percentile: 46.24%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.