oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2023-42502: Apache Superset: Open Redirect Vulnerability

From: Daniel Gaspar <dpgaspar () apache org>
Date: Tue, 28 Nov 2023 16:08:27 +0000
Affected versions:

- Apache Superset before 3.0.0

Description:

An authenticated attacker with update datasets permission could change a dataset link to an untrusted site by spoofing 
the HTTP Host header, users could be redirected to this site when clicking on that specific dataset. This issue affects 
Apache Superset versions before 3.0.0.

Credit:

Amit Laish – GE Vernova (finder)

References:

https://superset.apache.org
https://www.cve.org/CVERecord?id=CVE-2023-42502
Previous By Date Next
Previous By Thread Next

Current thread: