CVE-2022-43721

CWE-601Open Redirect4 documents4 sources
Severity
5.4MEDIUM
EPSS
0.7%
top 29.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache Software Foundation Apache SupersetApache Superset
Timeline
PublishedJan 16

Description

An authenticated attacker with update datasets permission could change a dataset link to an untrusted site, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

CVEListV5apache_software_foundation/apache_superset2.0.02.0.1+1
NVDapache/superset1.5.2+1
PyPIapache-superset1.5.2

🔴Vulnerability Details

3
CVEList
Apache Superset: Open Redirect Vulnerability2023-01-16
OSV
Apache Superset Open Redirect vulnerability2023-01-16
GHSA
Apache Superset Open Redirect vulnerability2023-01-16
CVE-2022-43721 (MEDIUM CVSS 5.4) | An authenticated attacker with upda | cvebase.io