Vulnerability Database

299,759

Total vulnerabilities in the database

CVE-2023-42502

An authenticated attacker with update datasets permission could change a dataset link to an untrusted site by spoofing the HTTP Host header, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset versions before 3.0.0.

Published: Nov 28, 2023
Updated: May 9, 2024
CVE: CVE-2023-42502
GHSA: GHSA-hc74-9vjm-c9xv
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-601

Affected Software
References

Software	From	Fixed in
apache-superset	-	3.0.0
apache / superset	-	3.0.0

http://www.openwall.com/lists/oss-security/2023/11/28/3
https://lists.apache.org/thread/n8348f194d8o8mln3oxd0s8jdl5bxbmn

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo