oss-sec mailing list archives
CVE-2023-42502: Apache Superset: Open Redirect Vulnerability
From: Daniel Gaspar <dpgaspar () apache org>
Date: Tue, 28 Nov 2023 16:08:27 +0000
Affected versions:

- Apache Superset before 3.0.0

Description:

An authenticated attacker with update datasets permission could change a dataset link to an untrusted site by spoofing the HTTP Host header, users could be redirected to this site when clicking on that specific dataset.

This issue affects Apache Superset versions before 3.0.0.

Credit:

Amit Laish – GE Vernova (finder)

References:

https://superset.apache.org
https://www.cve.org/CVERecord?id=CVE-2023-42502
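The class of bug described in the advisory, as an added example that is not part of the original message and is not Superset's code or its fix: a stored link built from the client-supplied Host header, next to a version built from configured origin, plus a check applied before a stored link is rendered. The function names, the origin superset.example.com and the sample paths are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the canonical origin comes from deployment config, never from the request.
CANONICAL_ORIGIN = "https://superset.example.com"


def build_link_from_host(headers: dict, path: str) -> str:
    """Weak pattern: the stored link inherits whatever Host the client sent."""
    return f"https://{headers.get('Host', '')}{path}"


def build_link_from_config(path: str, origin: str = CANONICAL_ORIGIN) -> str:
    """Hardened pattern: ignore the Host header and use the configured origin."""
    if not path.startswith("/") or path.startswith("//") or "\\" in path:
        raise ValueError("path must be a site-relative path")
    return origin + path


def is_trusted_link(url: str, origin: str = CANONICAL_ORIGIN) -> bool:
    """Check a stored link before rendering it or redirecting to it."""
    # Reject characters that browsers and URL parsers normalise differently.
    if any(c in url for c in "\\\r\n\t") or url != url.strip():
        return False
    parts = urlsplit(url)
    if not parts.scheme and not parts.netloc:
        # Relative link: must be a single-slash path.
        return url.startswith("/") and not url.startswith("//")
    want = urlsplit(origin)
    # Exact scheme and authority match; userinfo or a different port fails.
    return (parts.scheme, parts.netloc.lower()) == (want.scheme, want.netloc.lower())


if __name__ == "__main__":
    # Constructed sample request and stored links, not taken from a real deployment.
    spoofed = build_link_from_host({"Host": "untrusted.example"}, "/explore/?id=1")
    samples = [
        spoofed,
        build_link_from_config("/explore/?id=1"),
        "/explore/?id=1",
        "//untrusted.example/explore/",
        "https://superset.example.com@untrusted.example/",
    ]
    for link in samples:
        print(f"{'ok  ' if is_trusted_link(link) else 'deny'} {link}")
```

Running the check over links already stored in the metadata database, not only at write time, also flags values saved before an upgrade.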