oss-sec mailing list archives
CVE-2022-43719: Apache Superset: Cross Site Request Forgery (CSRF) on accept, request access API
From: Daniel Gaspar <dpgaspar () apache org>
Date: Mon, 16 Jan 2023 09:19:57 +0000
Severity: moderate Description: Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0. Credit: Positive Technologies (finder) References: https://superset.apache.org https://www.cve.org/CVERecord?id=CVE-2022-43719
Current thread:
- CVE-2022-43719: Apache Superset: Cross Site Request Forgery (CSRF) on accept, request access API Daniel Gaspar (Jan 16)