An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request. This issue affects Apache Superset before 3.1.2.
Users are recommended to upgrade to version 3.1.2 or above, which fixes the issue.