Lucene search
GoogleOSV:GHSA-7222-R37X-8Q3MHistoryJan 16, 2023 - 12:30 p.m.
Apache Superset vulnerable to Cross-Site Request Forgery via legacy REST API endpoints
2023-01-1612:30:18
Google
osv.dev
13
apache superset
cross-site request forgery
legacy rest api
vulnerable
software
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.005
Percentile
77.7%
Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
Related
cnvd
cnvd
Apache Superset Cross-Site Request Forgery Vulnerability
2023-01-18 00:00:00
veracode
veracode
Cross-Site Request Forgery (CSRF)
2023-01-19 03:47:44
github
github
nvd
nvd
CVE-2022-43719
2023-01-16 11:15:10
prion
prion
Cross site request forgery (csrf)
2023-01-16 11:15:00
osv
osv
CVE-2022-43719
2023-01-16 11:15:10
cvelist
cvelist
cve
cve
CVE-2022-43719
2023-01-16 11:15:10
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.005
Percentile
77.7%
Related for OSV:GHSA-7222-R37X-8Q3M