A cross-site request forgery vulnerability exists in Apache Superset, a data visualization and data exploration platform from the Apache Foundation. The vulnerability stems from the failure of two legacy REST APIs for granting and requesting access to properly validate user input, which could be exploited by attackers to probe server intranet resources.