PT-2023-14304 · Apache · Apache Superset

Vladimir Razov

Publicado

2023-01-16

Atualizado

2025-04-07

CVE-2022-43719

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Apache Superset versions 1.5.2 and prior Apache Superset version 2.0.0

Description The issue concerns two legacy REST API endpoints for approval and request access that are vulnerable to cross-site request forgery.

Recommendations For Apache Superset versions 1.5.2 and prior, update to a version that is not affected by this issue. For Apache Superset version 2.0.0, update to a version that is not affected by this issue. As a temporary workaround, consider restricting access to the vulnerable API endpoints until a patch is available.

Correção

CSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-352

Identificadores relacionados

BIT-SUPERSET-2022-43719

CVE-2022-43719

GHSA-7222-R37X-8Q3M

Produtos afetados

Apache Superset

PT-2023-14304 · Apache · Apache Superset

CVE-2022-43719

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8