Description
An authenticated attacker with update datasets permission could change a dataset link to point to an untrusted site; users could then be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset version 1.5.2 and prior versions, and version 2.0.0.
Related CPEs
a · apache · superset · 4
References
https://lists.apache.org/thread/s6sqt5jmcv6qxtvdot1t5tpt57v439kg
Mailing List, Vendor Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 · Medium
Information
Source identifier
Vulnerability status: Modified
Published: 2023-01-16T11:15:10.657
Last modified: 2025-04-07T15:15:41.363