CVE-2022-43719

2023-01-1611:15:10

CWE-352

[email protected]

web.nvd.nist.gov

legacy api

cross site request forgery

apache superset

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.005

Percentile

77.7%

JSON

Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

Affected configurations

Nvd

Node

apachesupersetRange≤1.5.2

apachesupersetMatch2.0.0-

apachesupersetMatch2.0.0rc1

apachesupersetMatch2.0.0rc2

VendorProductVersionCPE
apachesuperset*cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*
apachesuperset2.0.0cpe:2.3:a:apache:superset:2.0.0:-:*:*:*:*:*:*
apachesuperset2.0.0cpe:2.3:a:apache:superset:2.0.0:rc1:*:*:*:*:*:*
apachesuperset2.0.0cpe:2.3:a:apache:superset:2.0.0:rc2:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	superset	*	cpe:2.3:a:apache:superset::::::::
apache	superset	2.0.0	cpe:2.3:a:apache:superset:2.0.0:-::::::
apache	superset	2.0.0	cpe:2.3:a:apache:superset:2.0.0:rc1::::::
apache	superset	2.0.0	cpe:2.3:a:apache:superset:2.0.0:rc2::::::