CVE-2022-43719 — Cross-Site Request Forgery in Software Foundation Apache Superset

CWE-352 — Cross-Site Request Forgery4 documents4 sources

Severity

8.8HIGHNVD

EPSS

0.5%

top 36.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Software Foundation Apache Superset Apache Superset

Timeline

PublishedJan 16

Description

Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5apache_software_foundation/apache_superset2.0.0 — 2.0.1+1

▶NVDapache/superset1.5.2+1

🔴Vulnerability Details

OSV

Apache Superset vulnerable to Cross-Site Request Forgery via legacy REST API endpoints↗2023-01-16

▶

CVEList

Apache Superset: Cross Site Request Forgery (CSRF) on accept, request access API↗2023-01-16

▶

GHSA

Apache Superset vulnerable to Cross-Site Request Forgery via legacy REST API endpoints↗2023-01-16

▶