CVE-2022-45438

Description

When explicitly enabling the feature flag DASHBOARD_CACHE (disabled by default), the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics