Lucene search
ApacheCVE-2022-43719HistoryJan 16, 2023 - 11:15 a.m.
CVE-2022-43719
2023-01-1611:15:10
CWE-352
apache
web.nvd.nist.gov
39
cve-2022-43719
apache superset
legacy
rest api
csrf
vulnerability
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
8.5
Confidence
High
EPSS
0.005
Percentile
77.7%
Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
Affected configurations
Node
apachesupersetRange≤1.5.2
ORapachesupersetMatch2.0.0-
ORapachesupersetMatch2.0.0rc1
ORapachesupersetMatch2.0.0rc2
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Apache Superset",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "2.0.1",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.5.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
]Related
cnvd
cnvd
Apache Superset Cross-Site Request Forgery Vulnerability
2023-01-18 00:00:00
veracode
veracode
Cross-Site Request Forgery (CSRF)
2023-01-19 03:47:44
github
github
nvd
nvd
CVE-2022-43719
2023-01-16 11:15:10
prion
prion
Cross site request forgery (csrf)
2023-01-16 11:15:00
osv
osv
Apache Superset vulnerable to Cross-Site Request Forgery via legacy REST API endpoints
2023-01-16 12:30:18
CVE-2022-43719
2023-01-16 11:15:10
cvelist
cvelist
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
8.5
Confidence
High
EPSS
0.005
Percentile
77.7%
Related for CVE-2022-43719