CVE-2022-43719

EPSS 0.46%
Veröffentlicht 16.01.2023 11:15:10
Zuletzt bearbeitet 07.04.2025 15:15:40
Quelle security@apache.org
CVE-Watchlists
Login
Unerledigt
Login

Apache Superset: Cross Site Request Forgery (CSRF) on accept, request access API

Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 4 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Superset Version <= 1.5.2

Apache ≫ Superset Version2.0.0 Update-

Apache ≫ Superset Version2.0.0 Updaterc1

Apache ≫ Superset Version2.0.0 Updaterc2

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.46%	0.633

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://lists.apache.org/thread/xc309h2dphrkg33154djf3nqlh2xc1c0

Vendor Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2022-43719

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-43719

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-43719

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-43719