CVE-2022-43721 – apache-superset
Package
Manager: pip
Name: apache-superset
Vulnerable Version: >=0 <=1.5.2 || =2.0.0
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00182 (percentile: 0.40208)
Details
Apache Superset Open Redirect vulnerability. An authenticated attacker with update datasets permission could change a dataset link to an untrusted site; users could then be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
Metadata
Created: 2023-01-16T12:30:17Z
Modified: 2025-04-07T19:49:29Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-fcg4-pm6h-9xx2/GHSA-fcg4-pm6h-9xx2.json
CWE IDs: ["CWE-601"]
Alternative ID: GHSA-fcg4-pm6h-9xx2
Finding: F156
Auto approve: 1