Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-43721

An authenticated attacker with update datasets permission could change a dataset link to an untrusted site, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

Published

2023-01-16T11:15:10.657

Last Modified

2025-04-07T15:15:41.363

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.4 (MEDIUM)

Weaknesses

Type: Secondary
CWE-601

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	superset	≤ 1.5.2	Yes
Application	apache	superset	2.0.0	Yes
Application	apache	superset	2.0.0	Yes
Application	apache	superset	2.0.0	Yes

References

https://lists.apache.org/thread/s6sqt5jmcv6qxtvdot1t5tpt57v439kg Mailing List, Vendor Advisory ([email protected])
https://lists.apache.org/thread/s6sqt5jmcv6qxtvdot1t5tpt57v439kg Mailing List, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)