Description

An authenticated attacker with update datasets permission could change a dataset link to an untrusted site, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

Related CPE's

a

apache

superset

4

References

https://lists.apache.org/thread/s6sqt5jmcv6qxtvdot1t5tpt57v439kg

Mailing ListVendor Advisory

https://lists.apache.org/thread/s6sqt5jmcv6qxtvdot1t5tpt57v439kg

Mailing ListVendor Advisory

Weaknesses

[email protected]

Secondary
CWE-601

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.4 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-01-16T11:15:10.657

2 years ago

Last modified

2025-04-07T15:15:41.363

3 months ago