CVE-2022-43719

EPSS 0.11%
Veröffentlicht 16.01.2023 11:15:10
Zuletzt bearbeitet 07.04.2025 15:15:40
Quelle security@apache.org
Teams Watchlist Login
Unerledigt Login

Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Superset Version <= 1.5.2

Apache ≫ Superset Version2.0.0 Update-

Apache ≫ Superset Version2.0.0 Updaterc1

Apache ≫ Superset Version2.0.0 Updaterc2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.302

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://lists.apache.org/thread/xc309h2dphrkg33154djf3nqlh2xc1c0

Vendor Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2022-43719

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-43719

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-43719

EUVD