Users able to query database metadata in Apache Superset
Moderate severity
GitHub Reviewed
Published
Feb 26, 2020
to the GitHub Advisory Database
•
Updated Sep 5, 2024
Description
Published by the National Vulnerability Database
Dec 16, 2019
Reviewed
Feb 25, 2020
Published to the GitHub Advisory Database
Feb 26, 2020
Last updated
Sep 5, 2024
In Apache Incubator Superset before 0.31 user could query database metadata information from a database he has no access to, by using a specially crafted complex query.
References