CVE-2022-43719

Published: Jan 16, 2023Modified: Apr 7, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

Affected (4)

Products: Apache: Superset

Apache

1 product

Superset

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Apache Superset	Up to 1.5.2
Apache Superset	Version 2.0.0
Apache Superset	Version 2.0.0 rc1
Apache Superset	Version 2.0.0 rc2

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://lists.apache.org/thread/xc309h2dphrkg33154djf3nqlh2xc1c0

Source: security@apache.org

Mailing ListVendor Advisory

https://lists.apache.org/thread/xc309h2dphrkg33154djf3nqlh2xc1c0

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListVendor Advisory

Timeline

No history available yet.