CVE-2022-43719

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-43719

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-43719.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-43719

Aliases

Published

2023-01-16T11:15:10Z

Modified

2025-04-07T15:15:40Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

References

https://lists.apache.org/thread/xc309h2dphrkg33154djf3nqlh2xc1c0

Affected packages

Git / github.com/apache/superset

Affected ranges

Type: GIT
Repo: https://github.com/apache/superset
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

067495d954ee0015d35c1437245feb66984e4c49

Last affected

0c05300ce51b721e88870565833f72a3337cc300

Last affected

edbbf886af53009676a1fae32fc024efa2d68534