CVE-2022-43719

Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:superset:2.0.0:-:*:*:*:*:*:*
cpe:2.3:a:apache:superset:2.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:superset:2.0.0:rc2:*:*:*:*:*:*

History

21 Nov 2024, 07:27

Type Values Removed Values Added
References () https://lists.apache.org/thread/xc309h2dphrkg33154djf3nqlh2xc1c0 - Mailing List, Vendor Advisory () https://lists.apache.org/thread/xc309h2dphrkg33154djf3nqlh2xc1c0 - Mailing List, Vendor Advisory

07 Nov 2023, 03:54

Type Values Removed Values Added
Summary Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0. Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

Information

Published : 2023-01-16 11:15

Updated : 2024-11-21 07:27


NVD link : CVE-2022-43719

Mitre link : CVE-2022-43719

CVE.ORG link : CVE-2022-43719


JSON object : View

Products Affected

apache

  • superset
CWE
CWE-352

Cross-Site Request Forgery (CSRF)