PT-2023-14302 · Apache · Apache Superset

Vladimir Razov

Publicado

2023-01-16

Atualizado

2025-04-04

CVE-2022-43717

CVSS v3.1

5.4

Média

Vetor

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Apache Superset versions 1.5.2 and prior Apache Superset version 2.0.0

Description The issue is related to the dashboard rendering not sufficiently sanitizing the content of markdown components, leading to possible XSS attack vectors. These attacks can be performed by authenticated users with create dashboard permissions.

Recommendations For Apache Superset versions 1.5.2 and prior, update to a version later than 1.5.2 to resolve the issue. For Apache Superset version 2.0.0, consider disabling the markdown component rendering in dashboards until a patch is available.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

BIT-SUPERSET-2022-43717

CVE-2022-43717

GHSA-9F88-WG5R-947J

Produtos afetados

Apache Superset

PT-2023-14302 · Apache · Apache Superset

CVE-2022-43717

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8