CVE-2022-43719

Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
References
Link Resource
https://lists.apache.org/thread/xc309h2dphrkg33154djf3nqlh2xc1c0 Mailing List Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:superset:2.0.0:-:*:*:*:*:*:*
cpe:2.3:a:apache:superset:2.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:superset:2.0.0:rc2:*:*:*:*:*:*

History

07 Nov 2023, 03:54

Type Values Removed Values Added
Summary Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0. Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

Information

Published : 2023-01-16 11:15

Updated : 2024-02-28 19:51


NVD link : CVE-2022-43719

Mitre link : CVE-2022-43719

CVE.ORG link : CVE-2022-43719


JSON object : View

Products Affected

apache

  • superset
CWE
CWE-352

Cross-Site Request Forgery (CSRF)