PT-2023-14307 · Apache · Apache Superset

Vladimir Razov · Published 2023-01-16 · Updated 2025-04-07 · CVE-2022-43721

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Apache Superset versions 1.5.2 and prior; Apache Superset version 2.0.0

Description: An authenticated attacker holding the "update datasets" permission could change a dataset link so that it points at an untrusted site. Users could be redirected to that site when clicking on that specific dataset.

Recommendations: For Apache Superset versions 1.5.2 and prior, and for Apache Superset version 2.0.0, consider restricting the "update datasets" permission to trusted users until a patch is available. As a temporary workaround, consider monitoring and validating dataset links to prevent redirection to untrusted sites.
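The workaround above is a link-validation control. The following is an added example, not Apache Superset code and not part of this advisory: it validates a stored dataset link against an assumed allowlist of trusted hosts and scans a constructed set of dataset records for links that fail the check. The host names in `TRUSTED_HOSTS`, the `SAMPLE_DATASETS` records and the record layout are assumptions made for the example.

```python
"""Added example: allowlist validation of user-supplied dataset links.

Only absolute http(s) URLs whose host is on an explicit allowlist pass.
Scheme-relative links, non-http schemes and userinfo tricks are rejected,
so a stored link cannot send users to an untrusted site.
"""
from urllib.parse import urlsplit

# Assumed allowlist of hosts the organisation trusts for dataset links.
TRUSTED_HOSTS = frozenset({"docs.example.com", "wiki.example.internal"})

# Constructed sample records (not data from the advisory); "url" models the
# dataset link an editor can set.
SAMPLE_DATASETS = [
    {"id": 1, "name": "sales", "url": "https://docs.example.com/sales"},
    {"id": 2, "name": "hr", "url": "https://evil.example/login"},
    {"id": 3, "name": "ops", "url": "//evil.example/steal"},
    {"id": 4, "name": "finance", "url": "https://docs.example.com@evil.example/"},
    {"id": 5, "name": "marketing", "url": "javascript:alert(1)"},
    {"id": 6, "name": "support", "url": "HTTPS://DOCS.EXAMPLE.COM:443/kb"},
]


def is_trusted_dataset_link(url, trusted_hosts=TRUSTED_HOSTS):
    """Return True only for an absolute http(s) URL whose host is allowlisted."""
    if not isinstance(url, str) or not url or len(url) > 2048:
        return False
    # Control characters and backslashes are classic parser-confusion inputs;
    # reject them outright rather than guessing how a browser would read them.
    if any(ord(c) < 0x20 or c == "\\" for c in url):
        return False
    try:
        parts = urlsplit(url.strip())
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    # Blocks javascript:, data:, and scheme-relative (//host/...) links.
    if parts.scheme not in ("http", "https"):
        return False
    # Reject userinfo so "https://trusted@evil.example" cannot masquerade.
    if "@" in parts.netloc:
        return False
    host = parts.hostname  # lower-cased, port stripped
    if not host:
        return False
    return host in trusted_hosts


def find_untrusted_links(datasets, trusted_hosts=TRUSTED_HOSTS):
    """Monitoring helper: ids of records whose stored link fails validation."""
    return [
        d["id"]
        for d in datasets
        if d.get("url") and not is_trusted_dataset_link(d["url"], trusted_hosts)
    ]


if __name__ == "__main__":
    print("datasets with untrusted links:", find_untrusted_links(SAMPLE_DATASETS))
```

Run the same check on write (reject the update) and periodically over stored records (alert on hits); the allowlist, not a denylist, is what keeps scheme-relative and userinfo variants from slipping through.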

Fix

Weakness Enumeration: Open Redirect

Related Identifiers

BIT-SUPERSET-2022-43721
CVE-2022-43721
GHSA-FCG4-PM6H-9XX2

Affected Products

Apache Superset