Apache Superset Improper Access Control Vulnerability in Explore Endpoint Allowing Metadata Enumeration

Vulnerability

An improper access control vulnerability has been identified in Apache Superset versions prior to 5.0.0, specifically within the /explore endpoint. The vulnerability arises from a missing authorization check, which enables authenticated users to access metadata about datasources they are not authorized to view. By manipulating the datasource_id in the URL, an attacker can enumerate and verify the existence and names of protected datasources, resulting in unauthorized disclosure of sensitive information.
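The flaw pattern described above, as an added example that is not Superset's own code: a simplified explore-style handler that returns datasource metadata by id alone, beside a hardened version that authorizes first and answers "missing" and "forbidden" identically so that probing ids reveals nothing. The datasource catalogue, users and role model are constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Datasource:
    id: int
    name: str
    allowed_roles: frozenset  # roles permitted to see this datasource

@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset

# Constructed sample catalogue (not Superset's data model); id 2 is restricted.
DATASOURCES = {
    1: Datasource(1, "public_sales", frozenset({"Alpha", "Finance"})),
    2: Datasource(2, "payroll_private", frozenset({"Finance"})),
}

def can_access(user: User, ds: Datasource) -> bool:
    return bool(user.roles & ds.allowed_roles)

def explore_vulnerable(user: User, datasource_id: int) -> dict:
    """Shape of the flaw: metadata is looked up and returned by id alone;
    no authorization check precedes the response."""
    ds = DATASOURCES.get(datasource_id)
    if ds is None:
        return {"status": 404}
    return {"status": 200, "name": ds.name}

def explore_fixed(user: User, datasource_id: int) -> dict:
    """Hardened handler: authorize before disclosing anything, and answer
    'missing' and 'forbidden' identically so existence cannot be inferred."""
    ds = DATASOURCES.get(datasource_id)
    if ds is None or not can_access(user, ds):
        return {"status": 404}
    return {"status": 200, "name": ds.name}

def what_user_learns(handler, user: User, ids) -> dict:
    """Map each probed id to the name disclosed, or the status code if none."""
    out = {}
    for i in ids:
        r = handler(user, i)
        out[i] = r.get("name", r["status"])
    return out

if __name__ == "__main__":
    alice = User("alice", frozenset({"Alpha"}))  # no Finance role
    print(what_user_learns(explore_vulnerable, alice, [1, 2, 99]))
    print(what_user_learns(explore_fixed, alice, [1, 2, 99]))
```

With the vulnerable handler the unprivileged user learns the name of the restricted datasource; with the fixed handler a forbidden id and a nonexistent id produce the same response.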

Impact

Exploitation of this vulnerability allows for unauthorized enumeration of protected datasources, potentially leading to disclosure of sensitive metadata.

Remediation

Users are advised to upgrade to Apache Superset version 5.0.0 or later, which addresses this vulnerability.

Added: Aug 14, 2025, 3:10 PM
Updated: Aug 14, 2025, 3:10 PM

Vulnerability Rating

Custom Algorithm
spread: 1.9
impact: 2.5
exploitability: 4.8
remediation: 7.7
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.