Affected versions: - Apache Superset before 4.0.0
Description: An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request.This issue affects Apache Superset: before 4.0.0. Users are recommended to upgrade to version 4.0.0, which fixes the issue. Credit: Daniel Pedro Vaz Gaspar (remediation developer) Krishna Nadh (finder) References: https://superset.apache.org https://www.cve.org/CVERecord?id=CVE-2024-28148