Vulnerability Details: CVE-2021-37839
Apache Superset up to 1.5.1 allowed authenticated users to access metadata information related to datasets they have no permission on. This metadata included the dataset name, columns and metrics.
Products affected by CVE-2021-37839
- cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-37839
- EPSS score: 0.07% (probability of exploitation activity in the next 30 days)
- Percentile: ~29% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2021-37839
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N | 8.0 | 2.9 | NIST | |
4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 | NIST | |
CWE ids for CVE-2021-37839
- The product attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded. Assigned by:
- nvd@nist.gov (Primary)
- security@apache.org (Secondary)
References for CVE-2021-37839
- https://lists.apache.org/thread/pwqyxxmn5gh7cnw3qsp66v0lt4xojt82
  CVE-2021-37839: Apache Superset: Improper access to dataset metadata information - Apache Mail Archives (Mailing List; Third Party Advisory)