Cross-site Scripting in Apache superset

2024-01-2315:30:58

Google

osv.dev

apache superset

xss vulnerability

stored xss

talisman_config

content security policy

configurations

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

0.0005 Low

EPSS

Percentile

16.1%

JSON

A stored cross-site scripting (XSS) vulnerability exists in Apache Superset before 3.0.3. An authenticated attacker with create/update permissions on charts or dashboards could store a script or add a specific HTML snippet that would act as a stored XSS.

For 2.X versions, users should change their config to include:

TALISMAN_CONFIG = {
“content_security_policy”: {
“base-uri”: [“‘self’”],
“default-src”: [“‘self’”],
“img-src”: [“‘self’”, “blob:”, “data:”],
“worker-src”: [“‘self’”, “blob:”],
“connect-src”: [
“‘self’”,
" https://api.mapbox.com" https://api.mapbox.com" ;,
" https://events.mapbox.com" https://events.mapbox.com" ;,
],
“object-src”: “‘none’”,
“style-src”: [
“‘self’”,
“‘unsafe-inline’”,
],
“script-src”: [“‘self’”, “‘strict-dynamic’”],
},
“content_security_policy_nonce_in”: [“script-src”],
“force_https”: False,
“session_cookie_secure”: False,
}

CPENameOperatorVersion
apache-superseteq1.3.1
apache-superseteq1.5.2
apache-superseteq0.37.1
apache-superseteq1.0.0
apache-superseteq2.1.1rc3
apache-superseteq0.35.1
apache-superseteq1.4.1
apache-superseteq0.34.1
apache-superseteq3.0.0
apache-superseteq1.1.0

Name	Operator	Version
apache-superset	eq	1.3.1
apache-superset	eq	1.5.2
apache-superset	eq	0.37.1
apache-superset	eq	1.0.0
apache-superset	eq	2.1.1rc3
apache-superset	eq	0.35.1
apache-superset	eq	1.4.1
apache-superset	eq	0.34.1
apache-superset	eq	3.0.0
apache-superset	eq	1.1.0