Apache Superset contains an improper access control vulnerability in its /explore endpoint. A missing authorization check allows an authenticated user to discover metadata about datasources they do not have permission to access. By iterating through the datasource_id in the URL, an attacker can enumerate and confirm the existence and names of protected datasources, leading to sensitive information disclosure. This issue affects Apache Superset: before 5.0.0. Users are recommended to upgrade to version 5.0.0, which fixes the issue.

Apache Superset allows authenticated users to discover metadata about datasources they don't have permission to access

Уязвимость программного обеспечения визуализации данных Apache Superset, связанная с неправильным контролем доступа в конечной точке /explore, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации