CVE-2022-43721

Description

An authenticated attacker with update datasets permission could change a dataset link to an untrusted site, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

Related CPE's

aapachesuperset********

aapachesuperset2.0.0rc1******

aapachesuperset2.0.0rc2******

aapachesuperset2.0.0-******

References

https://lists.apache.org/thread/s6sqt5jmcv6qxtvdot1t5tpt57v439kg

Mailing ListVendor Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics
Created by Yello
About Severity.io