Improper Check for Dropped Privileges

CVE-2021-37839

Medium

4.3/10

Summary

Apache Superset prior to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on. This metadata included the dataset name, columns and metrics.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-273 - Improper Check for Dropped Privileges

The software attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.

References

Advisory
Pull request

Advisory Timeline

Published Jun 07, 2022

Improper Check for Dropped Privileges

CVE-2021-37839

Summary

CWE-273 - Improper Check for Dropped Privileges

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS