CVE-2022-43721

An authenticated attacker with update datasets permission could change a dataset link to an untrusted site, users could be redirected to this site when clicking on that specific dataset.This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
Open Redirect
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
apacheCNA
---
---
CVEADP
---
---
CISA-ADPADP
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
VendorProductVersion
apachesuperset
𝑥
≤ 1.5.2
apachesuperset
2.0.0
apachesuperset
2.0.0:rc1
apachesuperset
2.0.0:rc2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://lists.apache.org/thread/s6sqt5jmcv6qxtvdot1t5tpt57v439kg
https://lists.apache.org/thread/s6sqt5jmcv6qxtvdot1t5tpt57v439kg