CVE-2022-43719 – apache-superset
Package
Manager: pip
Name: apache-superset
Vulnerable Version: >=0 <=1.5.2 || =2.0.0
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00239 (percentile: 0.46865)
Details
Apache Superset vulnerable to Cross-Site Request Forgery via legacy REST API endpoints
Two legacy REST API endpoints for approval and request access are vulnerable to cross-site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
Metadata
Created: 2023-01-16T12:30:18Z
Modified: 2025-04-07T19:47:56Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-7222-r37x-8q3m/GHSA-7222-r37x-8q3m.json
CWE IDs: ["CWE-352"]
Alternative ID: GHSA-7222-r37x-8q3m
Finding: F007
Auto approve: 1