CVE-2022-43719

HIGH8.8EPSS 1.5%

Apache Superset: Cross Site Request Forgery (CSRF) on accept, request access API

發布日:2023/1/16修改日:2025/11/6

描述

Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

受影響套件(2)

Bitnami/supersetfrom 0, < 1.5.3, >= 2.0.0, < 2.0.1
PyPI/apache-supersetfrom 0, <= 1.5.2

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-43719
PATCHhttps://github.com/apache/superset
WEBhttps://lists.apache.org/thread/xc309h2dphrkg33154djf3nqlh2xc1c0