Lucene search
GitHub Advisory DatabaseGHSA-7222-R37X-8Q3MHistoryJan 16, 2023 - 12:30 p.m.
Apache Superset vulnerable to Cross-Site Request Forgery via legacy REST API endpoints
2023-01-1612:30:18
CWE-352
GitHub Advisory Database
github.com
15
apache superset
csrf
vulnerability
rest api
legacy
version 1.5.2
version 2.0.0
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.005
Percentile
77.7%
Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
Affected configurations
Node
apachesupersetMatch2.0.0
ORapachesupersetRange≤1.5.2
Related
nvd
nvd
CVE-2022-43719
2023-01-16 11:15:10
cnvd
cnvd
Apache Superset Cross-Site Request Forgery Vulnerability
2023-01-18 00:00:00
veracode
veracode
Cross-Site Request Forgery (CSRF)
2023-01-19 03:47:44
prion
prion
Cross site request forgery (csrf)
2023-01-16 11:15:00
osv
osv
Apache Superset vulnerable to Cross-Site Request Forgery via legacy REST API endpoints
2023-01-16 12:30:18
CVE-2022-43719
2023-01-16 11:15:10
cvelist
cvelist
cve
cve
CVE-2022-43719
2023-01-16 11:15:10
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.005
Percentile
77.7%
Related for GHSA-7222-R37X-8Q3M