An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request. This issue affects Apache Superset before 3.1.2.
Users are recommended to upgrade to version 3.1.2 or above, which fixes the issue.
{ "nvd_published_at": "2024-05-07T14:15:10Z", "cwe_ids": [ "CWE-863" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-05-07T16:53:40Z" }