An authenticated attacker with update datasets permission could change a dataset link to an untrusted site, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
References
Link | Resource |
---|---|
https://lists.apache.org/thread/s6sqt5jmcv6qxtvdot1t5tpt57v439kg | Mailing List Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 03:54
Type | Values Removed | Values Added |
---|---|---|
Summary | An authenticated attacker with update datasets permission could change a dataset link to an untrusted site, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0. |
Information
Published : 2023-01-16 11:15
Updated : 2024-02-28 19:51
NVD link : CVE-2022-43721
Mitre link : CVE-2022-43721
CVE.ORG link : CVE-2022-43721
JSON object : View
Products Affected
apache
- superset
CWE
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')