Apache · Apache Superset · CVE-2024-28148
**Name of the Vulnerable Software and Affected Versions**
Apache Superset versions prior to 3.1.2
**Description**
An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request.
**Recommendations**
For versions prior to 3.1.2, upgrade to version 3.1.2 or above, which fixes the issue.