Vulnerability CVE-2024-28148
Published: 2024-05-07

Description:
An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request.This issue affects Apache Superset: before 4.0.0.

Users are recommended to upgrade to version 4.0.0, which fixes the issue.

Type:

CWE-863

 (Incorrect Authorization)

 References:
https://lists.apache.org/thread/n27wlbd05oc6bgjh28d5pxzsrrph8dgo
Copyright 2026, cxsecurity.com

 

Back to Top