CVE-2022-43721

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-43721

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-43721.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-43721

Aliases

Published

2023-01-16T11:15:10Z

Modified

2025-04-07T15:15:41Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

An authenticated attacker with update datasets permission could change a dataset link to an untrusted site, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

References

https://lists.apache.org/thread/s6sqt5jmcv6qxtvdot1t5tpt57v439kg

Affected packages

Git / github.com/apache/superset

Affected ranges

Type: GIT
Repo: https://github.com/apache/superset
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

067495d954ee0015d35c1437245feb66984e4c49

Last affected

0c05300ce51b721e88870565833f72a3337cc300

Last affected

edbbf886af53009676a1fae32fc024efa2d68534