Home > Vulnerability Database > CVE-2022-43721

Mend.io Vulnerability Database

CVE-2022-43721

Good to know:

Date: January 16, 2023

An authenticated attacker with update datasets permission could change a dataset link to an untrusted site, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

Language: Python

Severity Score

5.4

Related Resources (3)

Url: https://lists.apache.org/thread/s6sqt5jmcv6qxtvdot1t5tpt57v439kg

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-43721

Url: https://www.mend.io/vulnerability-database/CVE-2022-43721

Severity Score

5.4

Weakness Type (CWE)

URL Redirection to Untrusted Site ('Open Redirect')

CWE-601

Top Fix

Upgrade Version

Upgrade to version apache-superset - 1.5.3,2.0.1

Learn More

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-43721

Good to know:

Date: January 16, 2023

Language: Python

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?