CVE-2022-43721

EUVD-2023-0455
An authenticated attacker with update datasets permission could change a dataset link to an untrusted site, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
Open Redirect
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CISA-ADPADP
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
Affected Products (NVD)
VendorProductVersion
apachesuperset
𝑥
≤ 1.5.2
apachesuperset
2.0.0
apachesuperset
2.0.0:rc1
apachesuperset
2.0.0:rc2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://lists.apache.org/thread/s6sqt5jmcv6qxtvdot1t5tpt57v439kg
https://lists.apache.org/thread/s6sqt5jmcv6qxtvdot1t5tpt57v439kg