CVE-2022-43719

Summary

Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Superset2.0.0 < 2.0.1affected
Apache Software FoundationApache Superset0 <= 1.5.2affected

Weaknesses

  • CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References