CVE-2023-42502

Name of the Vulnerable Software and Affected Versions Apache Superset versions prior to 3.0.0

Description An authenticated attacker with update datasets permission could change a dataset link to an untrusted site by spoofing the HTTP Host header. Users could be redirected to this site when clicking on that specific dataset.

Recommendations For versions prior to 3.0.0, update to version 3.0.0 or later to resolve the issue. As a temporary workaround, consider restricting the update datasets permission to trusted users until the update is applied.