When explicitly enabling the feature flag DASHBOARD_CACHE (disabled by default), the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache superset |
||
apache superset 2.0.0 |