Apache · Apache Superset · CVE-2022-45438
**Name of the Vulnerable Software and Affected Versions**
Apache Superset versions 1.5.2 and prior
Apache Superset version 2.0.0
**Description**
The system allowed an unauthenticated user to access dashboard configuration metadata using a REST API GET endpoint when the feature flag `DASHBOARD_CACHE` was explicitly enabled. This flag is disabled by default.
**Recommendations**
For Apache Superset versions 1.5.2 and prior, consider disabling the `DASHBOARD_CACHE` feature flag until a patch is available.
For Apache Superset version 2.0.0, consider disabling the `DASHBOARD_CACHE` feature flag until a patch is available.
As a temporary workaround, restrict access to the REST API GET endpoint to minimize the risk of exploitation.
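
To find the deployments these recommendations apply to, the check below (an added example, not part of the advisory or of Apache Superset's code) classifies a deployment from its release string and the `FEATURE_FLAGS` dict set in its `superset_config.py`. The inventory, host names and status labels are constructed for illustration.

```python
# Added example: exposure check for CVE-2022-45438 (not Apache Superset code).
import re

FLAG = "DASHBOARD_CACHE"  # feature flag named in the advisory; disabled by default


def parse_version(text):
    """Return (major, minor, patch) from a release string such as '1.5.2'."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part or 0) for part in m.groups())


def version_listed(text):
    """True for the releases the advisory lists: 1.5.2 and prior, and 2.0.0."""
    v = parse_version(text)
    return v <= (1, 5, 2) or v == (2, 0, 0)


def assess(version, feature_flags):
    """Classify one deployment from its version and its FEATURE_FLAGS dict."""
    if not version_listed(version):
        return "version-not-listed"
    # A missing key means the default applies, and the default is disabled.
    if feature_flags.get(FLAG, False):
        return "exposed"      # listed release with the flag explicitly enabled
    return "mitigated"        # listed release, flag left at default or turned off


def audit(inventory):
    """Map each deployment name to its status."""
    return {name: assess(ver, flags) for name, ver, flags in inventory}


# Constructed sample inventory: (name, version, FEATURE_FLAGS from superset_config.py)
INVENTORY = [
    ("bi-prod", "1.5.2", {"DASHBOARD_CACHE": True}),
    ("bi-staging", "2.0.0", {"DASHBOARD_CACHE": False}),
    ("bi-dev", "2.0.0", {}),
    ("bi-legacy", "1.4", {"DASHBOARD_CACHE": True, "ALERT_REPORTS": True}),
    ("bi-new", "2.0.1", {"DASHBOARD_CACHE": True}),
]

if __name__ == "__main__":
    for name, status in audit(INVENTORY).items():
        print(f"{name}: {status}")
```

A deployment reported as `exposed` is one where the flag should be set to `False` in `FEATURE_FLAGS`; `version-not-listed` only means the release is outside the ranges this advisory names.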