PT-2023-14304 · Apache · Apache Superset
Vladimir Razov
·
Published
2023-01-16
·
Updated
2025-04-07
·
CVE-2022-43719
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Apache Superset versions 1.5.2 and prior
Apache Superset version 2.0.0
Description
The issue concerns two legacy REST API endpoints for approval and request access that are vulnerable to cross-site request forgery.
Recommendations
For Apache Superset versions 1.5.2 and prior, update to a version that is not affected by this issue.
For Apache Superset version 2.0.0, update to a version that is not affected by this issue.
As a temporary workaround, consider restricting access to the vulnerable API endpoints until a patch is available.
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apache Superset