Vulnerability Database

299,759

Total vulnerabilities in the database

CVE-2022-43721

An authenticated attacker with update datasets permission could change a dataset link to an untrusted site, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

Published: Jan 16, 2023
Updated: May 9, 2024
CVE: CVE-2022-43721
GHSA: GHSA-fcg4-pm6h-9xx2
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-601

Affected Software
References

Software	From	Fixed in
apache / superset	-	1.5.2.x
apache / superset	2.0.0-rc1	2.0.0-rc1.x
apache / superset	2.0.0-rc2	2.0.0-rc2.x
apache / superset	2.0.0	2.0.0.x
apache-superset	-	1.5.2.x
apache-superset	2.0.0	2.0.0.x

https://lists.apache.org/thread/s6sqt5jmcv6qxtvdot1t5tpt57v439kg

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo