Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-42502

An authenticated attacker with update datasets permission could change a dataset link to an untrusted site by spoofing the HTTP Host header, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset versions before 3.0.0.

Published

2023-11-28T17:15:07.907

Last Modified

2024-11-21T08:22:40.920

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.8 (MEDIUM)

Weaknesses

Type: Primary
CWE-601

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	superset	< 3.0.0	Yes

References

https://lists.apache.org/thread/n8348f194d8o8mln3oxd0s8jdl5bxbmn Mailing List, Third Party Advisory ([email protected])
https://lists.apache.org/thread/n8348f194d8o8mln3oxd0s8jdl5bxbmn Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)