CVE-2023-42502 — Open Redirect in Software Foundation Apache Superset

CWE-601 — Open Redirect4 documents4 sources

Severity

5.4MEDIUMNVD

CNA4.8

EPSS

0.1%

top 78.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Software Foundation Apache Superset Apache Superset

Timeline

PublishedNov 28

Description

An authenticated attacker with update datasets permission could change a dataset link to an untrusted site by spoofing the HTTP Host header, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset versions before 3.0.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶NVDapache/superset< 3.0.0

▶CVEListV5apache_software_foundation/apache_superset< 3.0.0

🔴Vulnerability Details

GHSA

Apache Superset Open Redirect vulnerability↗2023-11-28

▶

OSV

Apache Superset Open Redirect vulnerability↗2023-11-28

▶

CVEList

Apache Superset: Open Redirect Vulnerability↗2023-11-28

▶