CVE-2022-43721: Apache Superset: Open Redirect Vulnerability
First published: Mon Jan 16 2023(Updated: )
An authenticated attacker with update datasets permission could change a dataset link to an untrusted site, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Superset | <=1.5.2 | |
| Apache Superset | =2.0.0 | |
| Apache Superset | =2.0.0-rc1 | |
| Apache Superset | =2.0.0-rc2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability identifier for this issue?
The vulnerability identifier for this issue is CVE-2022-43721.
What is the severity level of CVE-2022-43721?
The severity level of CVE-2022-43721 is medium.
Which software versions are affected by CVE-2022-43721?
Apache Superset version 1.5.2 and prior versions, as well as version 2.0.0, are affected by CVE-2022-43721.
How can an attacker exploit CVE-2022-43721?
An authenticated attacker with update datasets permission could change a dataset link to an untrusted site, redirecting users to that site when clicking on the dataset.
Is there a fix available for CVE-2022-43721?
Yes, updating to Apache Superset version 2.0.1 or later resolves the vulnerability.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/severity
- agent/title
- agent/last-modified-date
- agent/weakness
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/apache
- canonical/apache superset
- version/apache superset/1.5.2
- version/apache superset/2.0.0
- version/apache superset/2.0.0-rc1
- version/apache superset/2.0.0-rc2