CVE-2022-43719

HIGH

Apache Superset < 1.5.2 and 2.0.0 - Cross-Site Request Forgery

Title source: llm

Description

Two legacy REST API endpoints for approval and request access are vulnerable to cross-site request forgery (CSRF). This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

References (1)

Core References
Mailing List, Vendor Advisory
https://lists.apache.org/thread/xc309h2dphrkg33154djf3nqlh2xc1c0

Scores

CVSS v3 8.8
EPSS 0.0153
EPSS Percentile 81.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-352
Status published
Products (3)
apache/superset 2.0.0 (3 CPE variants)
apache/superset < 1.5.2
pypi/apache-superset 0 (PyPI)
Published Jan 16, 2023
Tracked Since Feb 18, 2026