Affected versions:
- Apache Superset before 4.0.0
Description:
An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request.This issue affects Apache Superset: before 4.0.0.
Users are recommended to upgrade to version 4.0.0, which fixes the issue.
Credit:
Daniel Pedro Vaz Gaspar (remediation developer)
Krishna Nadh (finder)
References:
https://superset.apache.org
https://www.cve.org/CVERecord?id=CVE-2024-28148