CVE-2022-43721

Published: Jan 16, 2023Modified: Apr 7, 2025

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

An authenticated attacker with update datasets permission could change a dataset link to an untrusted site, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

Affected (4)

Products: Apache: Superset

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Apache Superset	Up to 1.5.2
Apache Superset	Version 2.0.0
Apache Superset	Version 2.0.0 rc1
Apache Superset	Version 2.0.0 rc2

Related CWEs

URL Redirection to Untrusted Site ('Open Redirect')

A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References (2)

https://lists.apache.org/thread/s6sqt5jmcv6qxtvdot1t5tpt57v439kg

Source: security@apache.org

Mailing ListVendor Advisory

https://lists.apache.org/thread/s6sqt5jmcv6qxtvdot1t5tpt57v439kg

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListVendor Advisory

Timeline

No history available yet.